[tahoe-dev] XSRF attacks -- we need to do something about v0.5
ZOOKO at zooko.com
Tue Aug 21 11:57:44 PDT 2007
I just realized that the v0.5 release announcement, sent out last

Because this software is new, it is not yet recommended for storage of
highly confidential data nor for important data which is not otherwise
backed up. Given that caveat, this software works and there are no
known security flaws which would compromise confidentiality or data

However, thanks to nejucomo, we *do* know of a security flaw which
would compromise confidentiality or integrity.

In order to be honest with our users and potential users, we should
add a note to the http://allmydata.org front page, which says

The v0.5 release of Tahoe is vulnerable to an XSRF attack. An XSRF
-- or "Cross-Site Reference Forgery" attack is one in which an
attacker creates an innocuous-looking hyperlink, and if a user clicks
on that hyperlink then it causes deletion or theft of the user's
data. We are working on a fix for this problem, and in the meantime
if you have stored any private or precious data on a tahoe grid, then
you can make sure that you are not exposed to this threat by shutting
down your tahoe node before browsing the web.

As usual, I want Brian's feedback on this proposal.