[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Hoax?



On Wed, 04 Jan 2012 19:24:56 +0000
"Geoff Down" <geoffdown@xxxxxxxxxxxx> wrote:
> Let's try that again...
> http://pastebin.com/jBPFsUSg
> "We did crack Tor's encryption to reveal 190 IP addresses of
> individuals using Tor for Child Pornography"

"There are two recent stories claiming the Tor network is compromised.
It seems it is easier to get press than to publish research, work with
us on the details, and propose solutions. Our comments here are based
upon the same stories you are reading. We have no insider information.

The first story has been around 'Freedom Hosting' and their hosting of
child abuse materials as exposed by Anonymous Operation Darknet. We're
reading the press articles, pastebin urls, and talking to the same
people as you. It appears 'Anonymous' cracked the Apache/PHP/MySQL
setup at Freedom Hosting and published some, or all, of their users in
the database. These sites happened to be hosted on a Tor hidden
service. Further, 'Anonymous' used a somewhat recent RAM-exhaustion
denial of service attack on the 'Freedom Hosting' Apache server. It's a
simple resource starvation attack that can be conducted over low
bandwidth, low resource requirement connections to individual hosts.
This isn't an attack on Tor, but rather an attack on some software
behind a Tor hidden service. This attack was discussed in a thread on
the tor-talk mailing list starting October 19th."

From 24 October 2011:
https://blog.torproject.org/blog/rumors-tors-compromise-are-greatly-exaggerated

-- 
Andrew
http://tpo.is/contact
pgp 0x74ED336B
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk