[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Facebook brute forcing hidden services

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Facebook brute forcing hidden services
From: Colin Mahns <colinmahns@xxxxxxxxxx>
Date: Sat, 01 Nov 2014 18:53:50 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 01 Nov 2014 14:52:53 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1414867960; bh=GiIg68LP45altO9xuf7b/eQqZbHFUnnh1OObgGnZrIQ=; h=Date:From:Reply-To:To:Subject:References:In-Reply-To:From; b=dTjH5eRkMiwWRizvjrtxlhFKlNy3oP4VwHJEyqKM6G5BX6MxtUJqm+jV5IzvS7aJl TwapVAF8u3uw+U85odBQJa0ytT4tPqR35zlcfTdgayysq/c1z+NEfkI2dFCqpsz3lW N8kO94ZWX3sp7qQEhh+RE/K8epHYPmzLw47Lf8VA=
In-reply-to: <91CCDDFD-A909-45DD-9228-2C836876F17D@xxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <20141031122302.GA5554@xxxxxxxxxxxxxxxxx> <D078CF97.816C%alecm@xxxxxx> <91CCDDFD-A909-45DD-9228-2C836876F17D@xxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hey Alec,

I'm one of the developers on darkweb-everywhere. I was playing around
with having fbcdn.net redirect to
fbcdn23dssr3jqnq.onion with a rule, hoping to cover instances where
people have linked directly to images from Facebook.

Since the cert Facebook is using doesn't have a wildcard subdomain for
the hidden services, the user is presented with a mismatched exception
error. Obviously this isn't intended so I figured I would reach out to
you about this :)

Here is the example I used [0][1] I included both the original link
and the redirected one. This was found by searching for site:fbcdn.net
on Reddit and picking the first non-broken safe for work image I could
find (this was surprisingly hard!).

I'm not too familiar with how Facebook handles these links, or if this
is even expected behavior. It seems the fix should just be reissuing
the cert with a wildcard flag, but I could be wrong. Any ideas?

I'm cc'ing tor-talk on this email since I figured more users reading
this can't be a bad thing.

[0]:
https://scontent-b-iad.xx.fbcdn.net/hphotos-prn2/t1/1896752_807594532587586_979724882_n.jpg
[1]:
https://scontent-b-iad.xx.fbcdn23dssr3jqnq.onion/hphotos-prn2/t1/1896752_807594532587586_979724882_n.jpg

Colin Mahns
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJUVSw5AAoJEPKk/ZeJv4OMa5AP/16XtoE5I8Sl5OylDd0pyzWn
QHz+7D1idEKOSjIq8ufdHCiFyxsJO5sDHWdxVI1sDuo98YNlYYtNkmkHnKdqT2rl
QW1DJzK8QUxVxRPwtbXdvwRHlKlkW3TSAHQztKoci4x+2JAy2bR5tcUi9mE1KBwj
5UQoK8ZsF7OXFla22iiDVAz2GQyFRUZ0B7AsLjFp+YZz2oPuAvpISsGnDdgAO08E
QeJNdAZnCTzww6LJffrBcVMu10sLvesGrPSqDYMUIFQ6fwCDSU6D1Y1eTs8FtEIl
pRd/PHTZuNnUhNA3sJJQ7v3FF0FXfLHX13uf6elpL3ySOX/2ynTrWop5GFBjNXSa
wrp+nbVVw3hd1NZZufUcSDx+3h3ltzGaFmN/OXPN4+KzIIOUjGovCWGaVPOSpbMv
H44DQZzGaoTaJJO5KzW0xvRGuPLUMbRJjgLR+/FDE3iqfk7g8j4ipVa0mDlZATZP
p7fJbDcNzgjwzvZ1f+eva3515X/1A4oAx5UOaJIj0dzv65QtpFVlia8Cm2Vi8R3g
oC35XRkkcQpcx0nVFW9RcnZ/MGyPhXRJIoVV0vr+kZgChiQWmzc5K+2guU6Nke1d
UFt1AoQUatVrZ6QAmzIDnjul7lTkpJa3Wkj0pxqlbw7iKzpgJXn+znPflxnsS/aV
u9L6TycslYy5AxaOfa0f
=boAs
-----END PGP SIGNATURE-----
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Prev by Author: Re: [tor-talk] latest generation traffic confirmation attacks
Next by Author: Re: [tor-talk] DogecoinDark Cryptocurrency is now fully dark using Tor
Previous by thread: Re: [tor-talk] Facebook brute forcing hidden services
Next by thread: [tor-talk] Cloak Tor Router
Index(es):
- Author
- Thread