Silk Road forums

Discussion => Security => Topic started by: beachcomber on June 28, 2013, 09:01 am

Title: how to open pdf files and remain anonymous (re canada post)
Post by: beachcomber on June 28, 2013, 09:01 am
I want to use Canada Post's online shipping tool to send stuff without having to appear in a post office. The system produces a label you print; this is given in PDF format through a link that takes you to a page where the file then opens. Tor prompts with a warning that an external app is required. I would save the file if I could, but I don't see any way to do this, as the link is not to the PDF itself. I think they do this for a number of reasons, but the PDF expires and can no longer be accessed after 48 hrs.

How can I open this file to print it without revealing myself?

Thanks for any advice.
Title: Re: how to open pdf files and remain anonymous (re canada post)
Post by: Lorimer on June 28, 2013, 10:28 am
I don't know, man. Using Tor to access the shipping tool website might be riskier than downloading the PDF. Accessing MTGOX through Tor, for example, is a sure way to get your account flagged, and there have been stories of US vendors and buyers who've had trouble with shipments after trying to track them through Tor. I'd be more worried about the package being watched because I'd gone through Tor to get the labels than I would downloading the PDF itself.

To clarify: downloading a PDF will not *necessarily* reveal your IP address. It's just that PDFs can be injected with programs that can, when run, connect back to their originators using your normal internet connection. I doubt that the generated shipping label from Canada Post would include any links or programs that might unmask you, or at least the computer-generated barcode sheets I've seen seem clean. It's more likely (imo) that any labels ordered or tracked using Tor would get extra attention.

But to answer your original question: if you're really concerned, use Tails to download the file, or run Tor through a VM and do the same. And then disconnect from the web before opening it.
Title: Re: how to open pdf files and remain anonymous (re canada post)
Post by: leaf on June 28, 2013, 04:36 pm
Use Tor on your network layer rather than in your browser. A 'middlebox' or using a few virtual machines can do the trick.
Title: Re: how to open pdf files and remain anonymous (re canada post)
Post by: Rastaman Vibration on June 28, 2013, 05:55 pm
Use Tails.

It Torifies your internet connection, so even if opening the PDF will cause it to connect to the internet, it will be through Tor, and your IP will be safe.
Title: Re: how to open pdf files and remain anonymous (re canada post)
Post by: astor on June 28, 2013, 06:05 pm
I keep a set of clean VirtualBox appliances as disposable VMs for testing purposes. When that malware site was mass messaged to people, I was able to test out the malware in a disposable WinXP VM. You can use them to open PDFs too.
Title: Re: how to open pdf files and remain anonymous (re canada post)
Post by: Ro-Jaws on June 28, 2013, 07:16 pm
Quote from: astor on June 28, 2013, 06:05 pm
I keep a set of clean VirtualBox appliances as disposable VMs for testing purposes. When that malware site was mass messaged to people, I was able to test out the malware in a disposable WinXP VM. You can use them to open PDFs too. They take about a minute to import, and seconds to destroy after using.

How to Torify any OS with VirtualBox and Whonix-Gateway
http://dkn255hz262ypmii.onion/index.php?topic=161335.msg1148298#msg1148298


Is it possible for a malicious piece of software to get out of a VM? I'm not really sure how a VM interacts with the host OS, but it's something that has always slightly bothered me about VMs (though not enough to actually stop me using one!).
Title: Re: how to open pdf files and remain anonymous (re canada post)
Post by: Hendrix99 on June 28, 2013, 08:22 pm
Quote from: Lorimer on June 28, 2013, 10:28 am
I don't know, man. Using Tor to access the shipping tool website might be riskier than downloading the PDF. Accessing MTGOX through Tor, for example, is a sure way to get your account flagged, and there have been stories of US vendors and buyers who've had trouble with shipments after trying to track them through Tor. I'd be more worried about the package being watched because I'd gone through Tor to get the labels than I would downloading the PDF itself.

To clarify: downloading a PDF will not *necessarily* reveal your IP address. It's just that PDFs can be injected with programs that can, when run, connect back to their originators using your normal internet connection. I doubt that the generated shipping label from Canada Post would include any links or programs that might unmask you, or at least the computer-generated barcode sheets I've seen seem clean. It's more likely (imo) that any labels ordered or tracked using Tor would get extra attention.


I agree with Lorimer big time!! I would not be using Tor to go to their site at all. Not a good idea. If you're worried, just use a public computer or public wifi at some mcdicks or something. Just don't use Tor.
Title: Re: how to open pdf files and remain anonymous (re canada post)
Post by: astor on June 28, 2013, 09:51 pm
Quote from: Ro-Jaws on June 28, 2013, 07:16 pm
Is it possible for a malicious piece of software to get out of a VM? I'm not really sure how a VM interacts with the host OS, but it's something that has always slightly bothered me about VMs (though not enough to actually stop me using one!).

Theoretically yes, but I've never read about a case of it happening. If someone has references, that would be great.

It's probably much safer than opening an untrusted binary in Tails, where things like privilege escalation exploits are much more common and widely known.
Title: Re: how to open pdf files and remain anonymous (re canada post)
Post by: Ro-Jaws on June 28, 2013, 11:14 pm
What good would privilege escalation be in Tails? If you are using Tails to check an unknown file then presumably you are running it without admin privileges, and the hard drives of the machine (assuming there are any) are inaccessible. Can Tails even catch a boot-loader or similar?

Whatever the outcome, the disposable VM thing is the solution to those problems.
Title: Re: how to open pdf files and remain anonymous (re canada post)
Post by: astor on June 28, 2013, 11:21 pm
Tails has an option to log in with root privileges or not. It's the first dialogue you see.

The issue is that an exploit with root privileges can disable the firewall and/or Tor and "phone home" over clearnet, deanonymizing you.

Running Tor in a separate VM, as in the Whonix setup in my guide, is much safer.
Title: Re: how to open pdf files and remain anonymous (re canada post)
Post by: Ro-Jaws on June 29, 2013, 12:17 am
Quote from: astor on June 28, 2013, 11:21 pm
Tails has an option to log in with root privileges or not. It's the first dialogue you see.

The issue is that an exploit with root privileges can disable the firewall and/or Tor and "phone home" over clearnet, deanonymizing you.

Running Tor in a separate VM, as in the Whonix setup in my guide, is much safer.


Yes, but once you choose whether to have admin privileges or not, that can't be changed for the rest of that session. So unless you opened an infected file while you were logged in with admin privileges, there could be no escalation and thus no changing of firewall rules, no?

Unless the attack was directed specifically against Tails users (which made use of the unsafe browser), then any attempt to phone home would be forced through Tor like everything else, wouldn't it? Would an exploit that went through Tor be able to compromise you (other than acting as a keylogger etc. and sending the information home)?
Title: Re: how to open pdf files and remain anonymous (re canada post)
Post by: astor on June 29, 2013, 12:26 am
Quote from: Ro-Jaws on June 29, 2013, 12:17 am
Yes, but once you choose whether to have admin privileges or not, that can't be changed for the rest of that session. So unless you opened an infected file while you were logged in with admin privileges, there could be no escalation and thus no changing of firewall rules, no?

A "privilege escalation" exploit, as the name implies, is where malware gains unauthorized privileges (such as root) by exploiting bugs in the security mechanisms. These do exist, potentially on Tails.

https://en.wikipedia.org/wiki/Privilege_escalation
Title: Re: how to open pdf files and remain anonymous (re canada post)
Post by: Ro-Jaws on June 29, 2013, 01:09 am
Thank you for the link; it's high time I actually did some primary research (HAH! Wikipedia! Primary research?) about this sort of thing.

What I am (somewhat ineptly) driving at is that I'm not sure that a standard type of privilege escalation attack would work on Tails since (AFAIK) the root account is disabled completely if chosen at start-up. So there would be no higher level account for the attacker to gain access to.

The Tails devs seem to think that Tails should be resistant to such an attack, but then they would, wouldn't they?

https://tails.boum.org/forum/Root_login/
Title: Re: how to open pdf files and remain anonymous (re canada post)
Post by: astor on June 29, 2013, 01:25 am
Quote from: Ro-Jaws on June 29, 2013, 01:09 am
What I am (somewhat ineptly) driving at is that I'm not sure that a standard type of privilege escalation attack would work on Tails since (AFAIK) the root account is disabled completely if chosen at start-up.

Your access to it is disabled, but the point of a privilege escalation attack is that it exploits bugs in the security mechanisms that normally prevent you from logging in as root.

The root account isn't gone, if that's what you're thinking. Root is the first user and most system services must run as root, since they must be owned by someone.

Open a terminal in (non-admin) Tails and type:  ps aux | grep root

It still exists.
Title: Re: how to open pdf files and remain anonymous (re canada post)
Post by: AbuNazir on June 29, 2013, 01:45 am
What about just going for a coffee at a shop that has free wifi and grabbing all your PDFs, then going home and printing them? Or do you have to print them when you open the PDF, without any way to save them? You could also just find an open wifi close by and get them that way. You could also subscribe to a VPN service that isn't too pricey and access it that way and print them. I've subscribed to some in the past with nothing more than a prepaid card and a bullshit email address. I doubt they will flag VPN, but they might flag Tor.
Title: Re: how to open pdf files and remain anonymous (re canada post)
Post by: Ro-Jaws on June 29, 2013, 01:53 am
Ah I see, now I am progressing.

Sorry if I am being slow here, but could an attack gain root privileges if there is no password set? Presumably if system services require root access, it can be accessed to allow them to run without any password being set by the user?

+1 for patient explanations
Title: Re: how to open pdf files and remain anonymous (re canada post)
Post by: comsec on July 02, 2013, 06:15 am
Just use wifi at cafes and be mindful of cameras. Or buy a long range USB wifi adapter and access a hundred different networks around the city.

Also, if you want to download the PDFs instead of opening them, remove all PDF file associations so the browser asks what you want to do with it (save to disk).

Google "OSX file associations" or "Windows 7 file associations" or whatever you're using.
Title: Re: how to open pdf files and remain anonymous (re canada post)
Post by: SelfSovereignty on July 02, 2013, 06:57 am
Quote from: Ro-Jaws on June 29, 2013, 01:53 am
Ah I see, now I am progressing.

Sorry if I am being slow here, but could an attack gain root privileges if there is no password set? Presumably if system services require root access, it can be accessed to allow them to run without any password being set by the user?

+1 for patient explanations

The kernel has a process table that tracks stuff about each program running -- files currently opened by the process, the user ID of the account that started it, etc. Basically when you try to do something basic in a program (basic as in read a file from the hard drive, etc.), you make a system call to the kernel. When you do that, the kernel checks the information for the calling process. Part of what it checks are the permissions of the file for the user ID that owns the process and whether the requested access to the file should be allowed (read, write, execute, etc.). If it decides access should be granted, it gets the data you requested and hands it to the calling program. The details vary by system call, but that's the basic idea.

If you somehow manage to replace the user ID of who started the calling process with root's user ID in the process table, the kernel will see the program as having been executed by the superuser no matter who actually started the program. Doing that is very tricky, but that's basically what a privilege escalation attack comes down to. So the password is pretty much a moot point. In fact, locking an account with the "passwd" program at a shell actually is accomplished by changing the password for that account to something impossible (at least that's how it was a decade ago) -- so really the account doesn't get disabled, it's more that logging in as that user becomes impossible; but nothing else is actually done to the account.

In short, it really doesn't much matter if the account can't be logged in to if you can find a way to just bypass logging in and directly change the owning user for a process in the kernel's little "process info" section.

Also, when you execute a program in Linux (which amounts to creating a new process), what happens is the current process is cloned. A lot of the data is just copied from the entry in the process table, including the owning user. Since the kernel runs as root, everything that executes during boot is "copied" directly and is therefore executed as root as well. It's not until something deliberately changes its owning process (which root can always do, because root can do anything at all) that you actually end up as a different user.

So you can see how stuff like drivers and system management programs don't need to use a password at all -- they run as root no matter what the password for root is, provided the process that actually cloned itself to start a new program was root.
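An added example, not code posted in the thread, that models in user space the points astor (root still exists even when you can't log in as it) and SelfSovereignty (the kernel checks credentials in the process table, never a password; fork() copies those credentials; only a process already running as uid 0 can change them) make above. It assumes a POSIX system such as Linux; `may_access` is a deliberately simplified teaching model of the kernel's discretionary access check, not the kernel's own code, and uid 65534 is just an arbitrary unprivileged target for the setuid() attempt:

```c
/* Added illustration for this thread (assumes POSIX; not kernel code). */
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* What the kernel keeps per process and consults on every syscall:
 * credentials, not a password. */
struct cred { uid_t uid; gid_t gid; };

/* What it keeps per file; mode holds the low 9 rwxrwxrwx bits. */
struct inode_meta { uid_t owner; gid_t group; unsigned mode; };

#define MAY_READ  4
#define MAY_WRITE 2
#define MAY_EXEC  1

/* Simplified DAC check: choose the owner/group/other class from the caller's
 * credentials and compare the requested bits.  uid 0 bypasses read/write
 * (like CAP_DAC_OVERRIDE), which is why a uid 0 written into the process
 * table is game over no matter what root's password is or whether login is
 * disabled.  Returns 1 if access is allowed, 0 otherwise. */
int may_access(const struct cred *c, const struct inode_meta *f, unsigned want)
{
    unsigned bits;
    if (c->uid == 0) {
        /* root: read/write always; exec only if some x bit exists */
        if ((want & MAY_EXEC) && !(f->mode & 0111))
            return 0;
        return 1;
    }
    if (c->uid == f->owner)      bits = (f->mode >> 6) & 7;
    else if (c->gid == f->group) bits = (f->mode >> 3) & 7;
    else                         bits = f->mode & 7;
    return (bits & want) == want;
}

/* Run a check in a forked child and report whether it exited 0.
 * Returns 1 on success, 0 on failure, -1 if fork/wait itself failed. */
static int run_in_child(int (*check)(uid_t), uid_t arg)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0)
        _exit(check(arg) ? 0 : 1);
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

static int has_uid(uid_t expected) { return getuid() == expected; }

/* setuid() only succeeds for a process whose effective uid is already 0;
 * everyone else gets EPERM.  The credential change stays in the child. */
static int switch_uid(uid_t target)
{
    return setuid(target) == 0 && getuid() == target;
}

/* fork() clones the process-table entry, credentials included: the child
 * sees the parent's uid without presenting any password. */
int child_inherits_creds(void)
{
    return run_in_child(has_uid, getuid());
}

/* 1 if an unprivileged-or-not child could rewrite its own uid to target. */
int child_can_switch_uid(uid_t target)
{
    return run_in_child(switch_uid, target);
}

int main(void)
{
    /* constructed sample file: owner uid 1000, group 1000, mode 0640 */
    struct inode_meta f = { 1000, 1000, 0640 };
    struct cred owner = { 1000, 1000 }, other = { 1001, 1001 }, root = { 0, 0 };

    printf("owner may write:      %d\n", may_access(&owner, &f, MAY_WRITE));
    printf("other may read:       %d\n", may_access(&other, &f, MAY_READ));
    printf("uid 0 may write:      %d\n", may_access(&root, &f, MAY_WRITE));
    printf("child inherits creds: %d\n", child_inherits_creds());
    printf("running as uid %u; child can setuid(65534): %d\n",
           (unsigned)geteuid(), child_can_switch_uid(65534));
    return 0;
}
```

Run it once as a normal user and once under sudo: the permission results never change (they depend only on the uid in the process entry), the child always inherits the parent's uid, and the setuid() attempt fails as a normal user but succeeds as root. That is the whole content of "the password is a moot point": an exploit that plants uid 0 in the process table gets the root branch of `may_access` without ever touching /etc/shadow.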