Niels Provos

I often use Tor for anonymous web browsing; mostly when investigating malware distribution sites. Most people configure their browser so that it proxies HTTP via Privoxy to the Tor network. At that point, Tor is doing your DNS resolutions and also hides your TCP connections from preying eyes. Or at least, so one would think. There are many ways in which an adversary can trivially circumvent this setup. For example, if we configure the browser to proxy only HTTP, a malicious web page can easily open an HTTPS connection and reveal your IP address. Things get much worse when scripting languages such as Javascript, Flash or Java come into play. Flash can open raw sockets and learn a lot about your local environment.

To prevent information leakage, we ideally would run a virtual machine that tunnels all traffic via Tor, such as the VirtualPrivacyMachine. However, if you do not want to go through all that trouble, Systrace can come to the rescue. For investigations, I run Firefox under Systrace with a systrace policy that allows connections only to Privoxy. All other connections attempts are denied and logged. It is interesting to see how many connections Firefox tries to do all by itself that do not go via the proxy. There are update pings, and all kinds of other connections.

In this case, Systrace is not being used against an adversary but rather against an untrusted application. It works quite nicely at that, too.

The Name of the Wind by Patrick Rothfuss is one of the best fantasy books that I have read lately. I literally spent a whole weekend reading the book from start to finish. The book tells the story of Kvothe, a musician and arcanist, who has achieved almost legendary status and mysteriously vanished. Kvothe is now a bar keeper in a little town of no particular importance. His story is being told as a biography. It is superbly written and I am really looking forward to the next two books!

I am happy to announce the release of libevent 1.4.5-stable. You can download the source here:

http://monkey.org/~provos/libevent-1.4.5-stable.tar.gz

There have been a few bug fixes since 1.4.4-stable. Here's a brief summary:

• Several HTTP fixes
• Fixed the Windows port
• event_rpcgen.py correctly generates fixed length entries now

See the changelog for full details.

We would like to thank the people who have reported bugs including Forest Wilkinson, liusifan and others. To report a bug, make a feature request, or submit code, you can use our sourceforge interface here.

Fifteen years ago my father wrote a fantasy novel that no publisher in Germany wanted to print. As Christmas present, I decided in October last year to get the book printed professionally as a hard cover. It took about nice months to do layout, copy editing and getting illustrations as well as a dust cover painted. It even got an ISBN number: 978-0-9816907-0-4. I received a palette with 380 books today and they really look great. The cover is a red linen with golden stamping and the offset print is very clear and crisp. If you can read German, most of the text is also available online, but a printed book reads much nicer.

I am happy to announce the release of libevent 1.4.4-stable. You can download the source here:

http://monkey.org/~provos/libevent-1.4.4-stable.tar.gz

There have been a few bug fixes since 1.4.3-stable. Here's a brief summary:

• Epoll fixes
  
  • Correctly handle timeouts larger than 35 minutes for older Linux kernels


• Tagging fixes:
  
  • Fixes a potential stack corruption on 64-bit architectures


• Bufferevent changes:
  
  • Fixes a corner cases for read watermarks
  
  
  • Expose the watermark functionality in bufferevent


• HTTP changes:
  
  • Fix a bug where it was not possible to accept on multiple sockets
  
  
  • Expose the evhttp_accept_socket() functionality which allows the HTTP server to listen on an already created socket


• Portability fixes:
  
  • Fix functionality and compile problems on Windows and IRIX
  
  
  • Provide a timercmp function that works on all platforms

See the changelog for full details.

We would like to thank the people who have reported bugs including Matt Domsch, Forest Wilkinson, Jon and several anonymous reporters. To report a bug, make a feature request, or submit code, you can use our sourceforge interface.

This release addresses a number of correctness and reliability problems with the ptrace backend. Tavis Ormandy provided fixes for the following problems: a potential escape of socket aliases and double free and a problem with fork and ptrace (CVE-2007-4773). The tar ball for Systrace 1.6e can be downloaded here. Just keep in mind that ptrace has not been designed as a security primitive and while the ptrace backend can restrict the behavior of programs in non-adversarial settings, there are many ways to circumvent it.