[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Facebook brute forcing hidden services

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Facebook brute forcing hidden services
From: AntiTree <antitree@xxxxxxxxx>
Date: Fri, 31 Oct 2014 12:52:27 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 31 Oct 2014 12:52:40 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=9EAdEgCNuu7R2V5ZqcusnbbAggXtF87iEDNrcbevRqo=; b=HjUc7lhj0C0tzN2vZJe3yIQptW61aL6RYdCN9fPpNtjoQ3dVlyvGGyZbwpQFmIC2lj NoRaMbcKpgiwAv7nsQeSQplPVtuPRtBjUKDBQfx2cTXOLYwbA0+8bWUAmGP+p7QvKEbk 5DPxm++05XRRbEnlfRshP3AEEK+HNof/gSGn8yXBGV2J3fbGySQc+75yfwTiuPzX/ZBM GigGzEq5QTjYSBwjkxaO506iI6Lllt/3QkENffD6j50rRS8Oa0tzyIf+ooGBz7RniOr6 N6OZL0MpuJQDbWYA4vPJga2IBYPeqIMC0gm3lIdPg6DRiXZ2ueflFXSV19DeegHQyEaB GQ8w==
In-reply-to: <20141031161231.GE25941@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <20141031122302.GA5554@xxxxxxxxxxxxxxxxx> <D078CF97.816C%alecm@xxxxxx> <5453AF92.906@xxxxxxxxxx> <20141031161231.GE25941@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

It appears that someone has been issued a facebookcorewwwi.onion cert
from another CA as .onion has no way of verifying a collision.
https://news.ycombinator.com/item?id=8538527

On Fri, Oct 31, 2014 at 12:12 PM, Andreas Krey <a.krey@xxxxxx> wrote:
> On Fri, 31 Oct 2014 16:49:38 +0000, AFO-Admin wrote:
> ...
>> Hi,
>> i really think that this is a good thing, because i think this hidden
>> service will get a lot attention in countries where Facebook is
>> blocked.
>
> In blocking countries you'll use Tor whether you to the .com
> or the .onion domain. The way around the block is tor, not the
> hidden service.
>
> The hidden service add a protection layer to the traffic from
> the tor network to facebook, but they are using SSL anyway.
>
> And it remains to be seen what they do with static assets
> that are loaded from different domains - but actually it wouldn't
> matter when those are not going through the hidden service.
>
> Andreas
>
> --
> "Totally trivial. Famous last words."
> From: Linus Torvalds <torvalds@*.org>
> Date: Fri, 22 Jan 2010 07:29:21 -0800
> --
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Facebook brute forcing hidden services
  - From: Mike
- Re: [tor-talk] Facebook brute forcing hidden services
  - From: Mike Cardwell

References:
- [tor-talk] Facebook brute forcing hidden services
  - From: Mike Cardwell
- Re: [tor-talk] Facebook brute forcing hidden services
  - From: Alec Muffett
- Re: [tor-talk] Facebook brute forcing hidden services
  - From: AFO-Admin
- Re: [tor-talk] Facebook brute forcing hidden services
  - From: Andreas Krey

Prev by Author: Re: [tor-talk] Facebook brute forcing hidden services
Next by Author: Re: [tor-talk] Hidden Services - how to implement something like Round, Robin DNS? (coderman)
Previous by thread: Re: [tor-talk] Facebook brute forcing hidden services
Next by thread: Re: [tor-talk] Facebook brute forcing hidden services
Index(es):
- Author
- Thread