[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Hidden service honeypot

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Hidden service honeypot
From: grarpamp <grarpamp@xxxxxxxxx>
Date: Mon, 22 Jun 2015 23:56:44 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 22 Jun 2015 23:56:59 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=dgTG1pV6MOmmWnEzqXW399ulTAcl4Ads/hcgJ/04YwI=; b=YJXZ3rJvBUEWpaCm/zlAhjzB4Y1O1eI7/r+ayzE4RGgczoNeUcMvgmbLyMTwLvbIdV /mDg0dydqsvJQKgNS1vxIbT9Yxrd5f7Bc4m70gcMfSuPvRwdYEyrSGp1WMHL36ebH4ug Rkgx6rJ32wKRqgOwLmhhjvRErKy17NAv0UGMXKU8qy+wOuAp3Nyu+xC+zBns0KrSfyxP xw9vMlOsJYGIbCEpdW65Ytl/1mtkcpXpWsU2p86q+rQnSWNSaaiP5uN3q1PxuNrd33c3 FxPmM0xiXKNrSIHENzknn4dds5tNxKylwhhEIltUobH95p0wpnEfsfL4VCCtKU16S/17 St/Q==
In-reply-to: <ab223f4061153c88e9e956c65c4b7f0d.squirrel@xxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <ab223f4061153c88e9e956c65c4b7f0d.squirrel@xxxxxxxxxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

On Mon, Jun 22, 2015 at 6:36 PM,  <bidet@xxxxxxxxxxxxxxx> wrote:
> The landing page includes some javascript that looks shady.
> ...
> I'm interested in knowing how this affects the tor browser and tails, and
> could this technique be used in other scenarios by different adversaries.

If one thinks that TBB and VM is all that is needed to protect oneself
from random driveby 0day exploits, you need to think again. The
minimum is independant routing into tor via external device. And
even that assumes tor and the device and its stack aren't breakable
or broken. Layer defences, do not use just one.
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] Hidden service honeypot
  - From: bidet

Prev by Author: Re: [tor-talk] Matryoshka: Are TOR holes intentional?
Next by Author: Re: [tor-talk] Matryoshka: Are TOR holes intentional?
Previous by thread: [tor-talk] Hidden service honeypot
Next by thread: [tor-talk] Battlemesh travel scholarships available
Index(es):
- Author
- Thread