
Re: [tor-talk] Please suggest domain registrars that are Tor (and bitcoin) friendly.



> Here's the point: in a VPS situation, you are, absolutely, at the mercy of
> the provider of the VPSes, and possibly of the providers of the data
> center.

And here's a topical article if you ain't seen it yet:
https://it.slashdot.org/story/16/06/11/1247240/bitdefender-finds-hypervisor-wiretap-for-reading-tls-encrypted-communications
"
Orome1 quotes a report from HelpNetSecurity:
Bitdefender has discovered that encrypted communications can be decrypted
in real-time using a technique that has virtually zero footprint and is
invisible to anyone except extremely careful security auditors. The
technique, dubbed TeLeScope, has been developed for research purposes and
proves that a third-party can eavesdrop on communications encrypted with
the Transport Layer Security (TLS) protocol between an end-user and a
virtualized instance of a server.

Bitdefender says the new technique "works to detect the creation of TLS
session keys in memory as the virtual machine is running." According to
HelpNetSecurity, this vulnerability "makes it possible for a malicious
cloud provider, or one pressured into giving access to three-letter
agencies, to recover the TLS keys used to encrypt every communication
session between virtualized servers and customers. CIOs who are
outsourcing their virtualized infrastructure to a third-party vendor
should assume that all of the information flowing between the business and
its customers has been decrypted and read for an undetermined amount of
time."
"