[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Blog: How Malicious Tor Relays are Exploiting Users in 2020 (Part I)

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Blog: How Malicious Tor Relays are Exploiting Users in 2020 (Part I)
From: nusenu <nusenu-lists@xxxxxxxxxx>
Date: Wed, 19 Aug 2020 20:46:03 +0200
Autocrypt: addr=nusenu-lists@xxxxxxxxxx; prefer-encrypt=mutual; keydata= mQINBFj53gUBEADYKwT0pW1yiqt6UReZW8T2nXVCyeVT2G6z7AvW69afp82uthRH237pQ7Qs 5vq91DivN6fGN6cVksp0N9Yv+5HEQAwUxpLfcNDcGzmHMd0JMItEtozGv3a4FuiUoHAqeGXM 6Kzi3v5F2PZGF+U4QaGKEZq6u50gO/ZFy4GfC9z9tsO6Cm7s7KldVHMGx/a0MEGMwh6ZI9x2 hGXSSAKu58KRUkEpHzDiQTj+/j58ndNfZRQv6P5BLppHADRPqwEOm4RQcQYskyM0FdKXbJ8E 5GW268meflfv2BASsl3X/Xqxp+LNrstXIbFZ+38hVlQDDmdvaASpPTzIAxf8FxMYZqI+K1UE kP5nU45q84KiZoXwT6YYJDKToLSDnYkKlsrCSnLkE3Nb/IexgNoYO4nE6lT9BDV3athQCWw1 FwB5idRYWnIqbVgUFgYZDUdZBJmeTEeI+Wn5hFz6HvFVc/+haMVTcoEKSkG/tsSGsKOc2mp6 z+71io9JWrVQGmw7OeZeE4TvkF9GhwS8jrKO4E0crfcT/zT6368PZCO6Wpir8+po/ZfOWbbh 1hi3MxmXn4Fki55Zrvhy3sf28U+H/nByQV4CssYv/xVhIZsN/wNQLcDLgVs4JTBUik8eQR0Y Qrq9lG3ZVtbpEi7ZTJ6BOGIn2TKHsVIVGSQA0PdKpKYV45Lc4QARAQABtCBudXNlbnUgPG51 c2VudS1saXN0c0ByaXNldXAubmV0PokCVAQTAQgAPgIbAwULCQgHAgYVCAkKCwIEFgIDAQIe AQIXgBYhBJaQzx+7tCmFlU3yu61hOMJFzUJ+BQJevydnBQkGspdiAAoJEK1hOMJFzUJ+oh4P /R+cSCszon9qrG2JaUSEaDVOTTJ8idR7Q2QEzumD9QCmvBxxZaSd/l53Koebm6Y6DQ3/bw3D +SSy6vwvpWBpBMBI0MGDvNLUUUgW8FlPxOXYkPItdvjbLYcEjYCyOOXB63b2OUx3KAdPScwI FIvm2QAwILQf2BwrNglWoDVH9HKBGp8nkQg2co08/HxkJ/19CkXpEa3CGCV7yo059bIJr7+S OLxKlLiyzDRK7dyIN/wL+ZJwBORzQ7F8JiHGzIK5XAMeDe4ehnLDd1AaTvTDPGlaUlrFxvQd FjPCZXVWH1QFCWLveZI2cCkPW2Nbv0FtuqWhSyFpNX+Fyo46JDw2VqIdNmLdm1lxYnxNBLzp aefgzU6yYyPy1u5mAjm5llqzNpNmxbVyGSeBRbxXiR7RmP2PKiiQds2OmXhMa/fcEc2l4i63 lEOquOfnBbTmw5p8fdTeE4aIgv6eVR1O1sL+ZWQaqxR8ssfYIehYoxzMkLwDPyWfjLEK2rg9 ujH+3rHAraHYggcDgvsPNRQ7tM0iLtFB+/g5GbPQsRutZR4oxTujwglp+4BdFZZQZmR2ONSk g/k01IMToD/mDWP9KQQ5qqAO+97rsBoJAES40JxEV6PtHA55kUglGYdLV39CV0Iq6B9OF7jC dezf7e+LVK9NHpmxkQ1cxGv1KE2ElLTBLHfFuQINBFj53gUBEADAlnpTtRPy4HVYJ8srcA5H VZr1vM4CCGVNHhZdscHhqNAobv8XO5331ufAPRXf8A5XP9JsYPId77scy93UDQuXg2DIfo6n FjvA7AJcBhMBtxcukzt4pOOOxv0D1cbcVwga+NzLvo6Rp7CqGIAFpKGVK0Rhw+RG6wdm55xe 0Kd8KMkqKFT+SKdakE72BjpKsXYoULBp5LivftutdD3Ly7LeBnXrxAW4hrkAp8vSvlg3eThK 01IDanln+m59Zcw3cHTdAL7d+Kt6LPd2KeUcrpeNRbyhZJ03EmF7FP+VTD56mKw25ZNCu7Ls 8P4d6iFgZeqOCCY9SJZzXvVJ7BvZ/wcIdWIcx57xBeqj8tJGRhWu2zHQdRIwqxVA6Zr+7YHL Te5yugiRAlBB+pfdikrWLcSlQ7YvT+YTxSkG9SbW+uy3ngQXKbi1g0lOP2t5V98UqHZxzOY9 U3mjy/dGt1MX3qYa1xv0QlsZXjbvtkQupSym+IQFfKepTfJnjwmEhYePbb+FrpN4GlqlhkM4 nyV4953wTfgn8ZgTZheXrkuGlcAq9bM7cqIHIYzKxv0uLrOpn38FhC2DkIDpDw6jukHEriKI MfcZfZa/KaYuho4Gk5ohh28qvf19qMSbN9uDtN1kpfGqnYoOtvDu9QksPKuY9anEfKEoci3O iLVjn3DNhKreHQARAQABiQI8BBgBCAAmAhsMFiEElpDPH7u0KYWVTfK7rWE4wkXNQn4FAl6/ J2sFCQayl2YACgkQrWE4wkXNQn5+RhAAkdSze4EXa+GHsdKqv+JSIgpflI0uT5SDxycGUyL2 p76AuHl7+P/tQK+4gzV0eRpdCuDfYI8BTDmaBXSA+acNofrhWtYC4VcgsxeqNjTzBJXCTgb+ /Y8ba0Z0ggDEfsH4TSOnt6yYLheVxy6OYddghg/woPnCiImz/Y7fhSiCRugG1N/+5euCevuy wWSmMLUuqGAxN9MHE2NUsWJMFdFRFT2jdFMusk+T+rwr2OB2bu7Vma0uweu2nG2lHB1QYUu5 llQXbkUPy9z5SUXvTWZQkMbeQigrAXpfO7Jov++TAelNAPY0hZQQ9Ou8wrLvZA7fLNB6Apgu Pdi2l9OkRMROsMNYuh0h2oQ6KCXx50HQ5sbaceFRkzk8g0KphPrLOsL2jZEk4nNdZxoL3nW9 2zWJfRbq8LfJktO4UP1MwIBrnoM9aj2ooBf8Vn0VKaacfJrd2iWjktDDOJigWIUEBCvJoxkF x5IFj8igcHVQgZumYqgg1FOF3vSozDAskASuqdb8Cv5mkfd+3KXYGEAHgW7hOJhJwBWwx0UC v+bXsPEQJsJ+atq5k4/Dox7sNdUxoaGSv3NmK+4uvmEdbIT/zGl1rTtHnfot8yEULF7Em2ia /qG+Sp2fbPeSxeHUqhLTu1jComXEZv59HnNhlcJeAxKFXoiAFCFV4XbKdVG2bKh434c=
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 19 Aug 2020 14:46:23 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1597862770; bh=dggiz9LTZlloeiqBui5ZEKqyEn5joEZmHI/RCqLN5YQ=; h=From:Subject:To:References:Date:In-Reply-To:From; b=PgFFYPKWV0JXMS+SvXf23nBEr0UfXYHDx2MdLu0j0t9HtW3jWWP8Y4tWhFwsTm6/0 KDCwzEnDC9MsVHhFNgFnCGqsiNXsZX11HNGCKDoSf9bVo1fWA7434638ZjH5OvKifD s/th5Zlb+Mqj82wSt74Lb8H5m6pAO5PdfsedDDqU=
In-reply-to: <90bfdb7f-5907-c9f8-a762-27ef91033717@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <730db076-2e22-3aae-41dc-6e3fe5952aa9@riseup.net> <CAHcjhEHhNw5vB=p-0q5nRKP+fHDAG-XmQuPi=K5GCAE10iDnQQ@mail.gmail.com> <26053174-9407-4B29-8CA3-DCB163F537D7@to-surf-and-protect.net> <20200814171235.GC4255@moria.seul.org> <732358C7-600D-4748-BDE5-31B035C2D9CD@to-surf-and-protect.net> <f5e15f20-dcb2-8685-7120-87e7711d0b06@riseup.net> <90bfdb7f-5907-c9f8-a762-27ef91033717@torproject.org>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

>>> https://medium.com/@nusenu/how-malicious-tor-relays-are-exploiting-users-in-2020-part-i-1097575c0cac
>>>
>>>  There are multiple indicators that suggest that the attacker still
>>> runs >10% of the Tor network exit capacity (as of 2020–08–08)
>>>
>>> And on this one: I trust nusenu who told me we still have massiv
>>> malicious relays.
>>
>> as some of you have probably seen already
>> now a fraction of them got confirmed to run the same attack tools:
>> https://twitter.com/notdan/status/1295813432843829251
>>
>> Unfortunately this is not the end of it.
> 
> Yeah, it never ends. It's an ongoing issue.

Until rules are in place that reduce the risk from this reoccurring on this scale and at this rate.

>> What I'm still wondering about is: What made Tor directory authorities change their policies and stop removing undeclared relay groups?
> 
> I don't think this is the right list to ask directory authorities about
> that. 

It was meant to share my thoughts on this (more than actually expecting an answer even though there are actual dir auths on this list).

-- 
https://mastodon.social/@nusenu

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] Blog: How Malicious Tor Relays are Exploiting Users in 2020 (Part I)
  - From: nusenu
- Re: [tor-relays] Blog: How Malicious Tor Relays are Exploiting Users in 2020 (Part I)
  - From: Michael Gerstacker
- Re: [tor-relays] Blog: How Malicious Tor Relays are Exploiting Users in 2020 (Part I)
  - From: niftybunny
- Re: [tor-relays] Blog: How Malicious Tor Relays are Exploiting Users in 2020 (Part I)
  - From: Roger Dingledine
- Re: [tor-relays] Blog: How Malicious Tor Relays are Exploiting Users in 2020 (Part I)
  - From: niftybunny
- Re: [tor-relays] Blog: How Malicious Tor Relays are Exploiting Users in 2020 (Part I)
  - From: nusenu
- Re: [tor-relays] Blog: How Malicious Tor Relays are Exploiting Users in 2020 (Part I)
  - From: Georg Koppen

Prev by Author: Re: [tor-relays] Blog: How Malicious Tor Relays are Exploiting Users in 2020 (Part I)
Next by Author: Re: [tor-relays] Blog: How Malicious Tor Relays are Exploiting Users in 2020 (Part I)
Previous by thread: Re: [tor-relays] Blog: How Malicious Tor Relays are Exploiting Users in 2020 (Part I)
Next by thread: Re: [tor-relays] Blog: How Malicious Tor Relays are Exploiting Users in 2020 (Part I)
Index(es):
- Author
- Thread