Tortilla tool makes anonymizer Tor more digestible

Tor's famous for anonymizing your Internet activities and infamous for being a pain to use. Debuting at Black Hat, the Tortilla tool smooths out some of the global network's rough edges.

Seth Rosenblatt Former Senior Writer / News

Senior writer Seth Rosenblatt covered Google and security for CNET News, with occasional forays into tech and pop culture. Formerly a CNET Reviews senior editor for software, he has written about nearly every category of software and app available.

See full bio

Seth Rosenblatt

July 31, 2013 6:44 p.m. PT

2 min read

Tortilla creator Jason Geffner answers an question from his audience about how Tortilla allows plug-ins when using Tor. Seth Rosenblatt/CNET

LAS VEGAS -- The Onion Router's popularity as a Internet traffic anonymizing network that can be used just about anywhere belies some of its limitations. To combat those, one security researcher at Black Hat 2013 here figured out a way to make Tor more palatable.

And to the consternation of people who hate food names and metaphors, it's called Tortilla (download).

"People couldn't easily anonymize their Internet traffic," Jason Geffner, Tortilla's inventor, told CNET after his presentation. "This opens a whole realm of opportunities for them."

Geffner developed the free, open-source, and Windows-only Tortilla with help from his colleagues at Crowdstrike, where he's a senior security researcher. It answers the question of how to wrap Tor securely around Internet traffic, Geffner told his audience.

It also addresses two of the biggest problems with Tor, Geffner said during his short, 25-minute-long "Lightning" session at the conference. It fixes what he termed "the Firefox problem" and untangles SOCKS server issues. SOCKS, at its simplest, is a way to transfer data from one computer to another through a proxy.

The Firefox problem, Geffner said, is that the browser has had twice the number of discovered vulnerabilities in the past year than Internet Explorer. The Tor browser bundle, which lets you run Tor without installing any software, is limited to Firefox use only, and Tor blocks plug-ins for security reasons.

"If Firefox gets exploited, the malware could circumvent the Tor tunnel entirely," he said.

The SOCKS server problem prevents TCP proxying via SOCKS in most cases, and in cases where the software supports it, DNS proxying isn't.

Tortilla solves both of these issues and allows Tor to be used with virtual machines. This, Geffner said, makes it an excellent tool for security experts who want to visit or test attack Web sites, or blogs written by people who run attack Web sites, without leaving traceable tracks.

"It acts on DHCP, ARP, DNS, and TCP packets, and drops everything else," Geffner said, in explaining what kinds of Internet traffic work with Tortilla. He added that Tortilla is failsafe, so that you can run it before or after you start your virtual machine or Tor itself.

The benefits of Tortilla for security researchers are apparent, but there's nothing stopping people who are concerned with their online privacy from using it, either, Geffner said. "The fact that we're using Tor isn't a secret," when using Tortilla, he said, "but our identity is."

Given that people are arguably more concerned with online privacy now than in the history of the Internet, it's hard to imagine people not clamoring for more tools like Tortilla.

Correction, August 1 at 11:00 a.m. PT: An earlier version of this story misidentified SOCKS. SOCKS, at its simplest, is a way to transfer data from one computer to another through a proxy. This story was also updated to clarify the Tor browser bundle.