Delivery-Date: Sun, 07 Dec 2014 06:39:11 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
MIME-Version: 1.0
In-Reply-To: <20141207105039.GA28271@lo.psyced.org>
References: <20141207023823.15123l26w3vbay2o@www.vfemail.net>
 <CAJVRA1RaBkxNGLmTSSDOLSNijeTYX0EohOOeCw+LLMfeDJJ-kg@mail.gmail.com>
 <20141207105039.GA28271@lo.psyced.org>
Date: Sun, 7 Dec 2014 03:38:56 -0800
Message-ID: <CAJVRA1RHjoKTFsELdm7pnpHEmPO-vZiio9AzhtbX4n=B8UoMcg@mail.gmail.com>
From: coderman <coderman@gmail.com>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] NSA TAO Exploit of Whonix Qubes - EGOTISTICALSHALLOT
 - Martin Peck
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On 12/7/14, carlo von lynX <lynX@time.to.get.psyced.org> wrote:
> ...
> This question may spell a change of topic, but wouldn't
> it make much more sense to introduce backdoors into debian,
> gaining thus access to any derivate distribution?

exploits are developed at all levels of the system. from attacking
applications, to subverting operating system updates and package
management, down to compromising random number generator instructions.

some of these techniques are more complicated than others. some may
involve active triggers vs. always affecting all users. some may
require a window of opportunity, while others can be launched at any
time. and so on...

would compromising Debian upstream be easier?  probably, but it would
also be more visible.



> I know that currently 13600 packages of debian can be built
> reproducible [1], but does that mean that at least those are
> being distributed with reproducible binaries? I assume not.

these are two concerns:

1) if built packages can be verified independently. (reproducible builds)
2) if packages are distributed to users securely. (signatures on pkgs, etc.)

you need to cover both, of course. but they only address part of the
problem.  a vulnerable application that is reproducibly built, and
properly signed, and verified before installation, is still
vulnerable.


> My current state of information is such that any source-code
> based distribution is less likely to be affected by backdoors
> until debian and all derivates indeed ship reproducible binaries.
> If Whonix can be rebuilt from source, so can Qubes OS?

how do you securely distribute sources to be built?  a source-based
distribution has different trade-offs, rather than being immune to
tampering.

you can of course build any of these from source. (all of them open source).



> Why bother with Whonix or TAILS specifically? Making use of
> backdoors is in any case risky since folks like us may have
> the competence to notice those activities going on... and
> possibly document how they work.

some vulnerabilities are specific to a single build or architecture,
some are specific to configuration, some are specific to opportune
timing or position, and so on.

which route is chosen, backdoor or exploit, varies by situation, and
of course, the visibility of either varies quite a bit too.



> But what do I know. The more I dig into this, the more I gather
> how much I am left in the dark.

if there's one thing we've learned in the last few years, it is that all
avenues are pursued. backdoors and exploits both, and at all levels,
from operating system to end user applications.

best regards,
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
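The two concerns coderman separates above (can a build be verified independently, and is the package delivered to the user intact) are different checks on different data. The following is an added example, not code from the thread or from Debian's tooling: it models check 1 as comparing an independent rebuild against the Checksums-Sha256 stanza of a .buildinfo file, and check 2 as walking apt's hash chain from a signed Release file through the Packages index down to the .deb. All package bytes and control files are constructed inline; the OpenPGP signature over Release is represented by a boolean argument (in practice that is `gpg --verify` against the archive keyring), and field names follow the Debian formats but the sample values are invented.

```python
"""Added example: the two checks behind "reproducibly built" and "securely
distributed" for a Debian-style package. All data below is constructed."""
import hashlib


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for a published .deb, a bit-identical rebuild,
# and a rebuild that differs in one byte sequence.
PUBLISHED_DEB = b"!<arch>\ndebian-binary   constructed sample package bytes v1\n"
REBUILT_DEB_OK = PUBLISHED_DEB
REBUILT_DEB_BAD = PUBLISHED_DEB.replace(b"v1", b"v1-tampered")

DEB_NAME = "example_1.0-1_amd64.deb"
POOL_PATH = "pool/main/e/example/" + DEB_NAME

# .buildinfo-style record of what the original builder produced (constructed).
BUILDINFO = (
    "Format: 1.0\nSource: example\nBinary: example\nArchitecture: amd64\n"
    "Version: 1.0-1\nChecksums-Sha256:\n"
    f" {sha256(PUBLISHED_DEB)} {len(PUBLISHED_DEB)} {DEB_NAME}\n"
)
# Packages index stanza and Release file as an apt mirror would serve them (constructed).
PACKAGES = (
    "Package: example\nVersion: 1.0-1\nArchitecture: amd64\n"
    f"Filename: {POOL_PATH}\nSize: {len(PUBLISHED_DEB)}\nSHA256: {sha256(PUBLISHED_DEB)}\n"
)
RELEASE = (
    "Origin: Example\nSuite: stable\nCodename: example\nSHA256:\n"
    f" {sha256(PACKAGES.encode())} {len(PACKAGES.encode())} main/binary-amd64/Packages\n"
)


def parse_sha256_block(text: str, header: str) -> dict:
    """Parse the ' <sha256> <size> <name>' lines that follow `header`
    ('Checksums-Sha256:' in a .buildinfo, 'SHA256:' in a Release file)."""
    out, in_block = {}, False
    for line in text.splitlines():
        if line == header:
            in_block = True
        elif in_block and line.startswith(" "):
            digest, size, name = line.split()
            out[name] = (digest, int(size))
        else:
            in_block = False
    return out


def rebuild_matches(buildinfo: str, rebuilt: dict) -> dict:
    """Concern 1 (reproducible builds): for each artifact the .buildinfo
    records, does an independent rebuild have the same size and sha256?
    `rebuilt` maps artifact name -> bytes we built ourselves."""
    recorded = parse_sha256_block(buildinfo, "Checksums-Sha256:")
    return {
        name: (name in rebuilt
               and len(rebuilt[name]) == size
               and sha256(rebuilt[name]) == digest)
        for name, (digest, size) in recorded.items()
    }


def chain_ok(release: str, packages: str, debs: dict,
             release_signature_verified: bool) -> bool:
    """Concern 2 (secure distribution): apt's trust chain. The signature on
    Release (modelled as a boolean; really a gpg check against the archive
    key) anchors the hash of Packages, which anchors the hash of each .deb.
    `debs` maps pool path -> bytes actually downloaded."""
    if not release_signature_verified:
        return False  # an unsigned or badly signed Release anchors nothing
    idx = parse_sha256_block(release, "SHA256:")
    digest, size = idx.get("main/binary-amd64/Packages", (None, None))
    raw = packages.encode()
    if len(raw) != size or sha256(raw) != digest:
        return False
    for stanza in packages.strip().split("\n\n"):
        fields = dict(line.split(": ", 1) for line in stanza.splitlines())
        data = debs.get(fields["Filename"])
        if data is None or len(data) != int(fields["Size"]) or sha256(data) != fields["SHA256"]:
            return False
    return True


if __name__ == "__main__":
    print("rebuild ok :", rebuild_matches(BUILDINFO, {DEB_NAME: REBUILT_DEB_OK}))
    print("rebuild bad:", rebuild_matches(BUILDINFO, {DEB_NAME: REBUILT_DEB_BAD}))
    print("chain ok   :", chain_ok(RELEASE, PACKAGES, {POOL_PATH: PUBLISHED_DEB}, True))
    print("chain bad  :", chain_ok(RELEASE, PACKAGES, {POOL_PATH: REBUILT_DEB_BAD}, True))
```

Both checks passing says only that the bytes you installed are the bytes the builder produced from the published source; neither one says anything about whether that source is free of bugs or backdoors, which is the point made above about a vulnerable application that is reproducibly built and properly signed.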

