[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Hidden service may be compromised

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Hidden service may be compromised
From: Kostas Jakeliunas <kostas@xxxxxxxxxxxxxx>
Date: Fri, 11 Apr 2014 18:56:03 +0300
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 11 Apr 2014 11:56:48 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:content-type; bh=kicn+ll2wBYNZJPp1AeWovu4LfvriCuwo59fmUuQ48Y=; b=M0sZHF+73ATyC2n/KfOLbzUiUyNWUoWO0LWWS31VLkFGoiXGezLdMjayMV8cascokv L3fa8cqA7TXS5ta62eIyMFSNVfsJo+0P7rpOSRnvwfXvJNucKEpoN6LC3RI+6iYc+7tV rLVPtyx3obKEYgtiZdK8A14r1AWypYpWX60VmQyxHU+xLYESI230ywF04T0ovkNVyt0V NnFuvCBuPcrYJEa4RyJnS9rZNwpfPYN1DUSPoj5uxMg5nnl+YSjjYBgKrppc14m4YsXb FdtiuPQSngrQvHESP7AKyM8ZLGsMEN8NsKFAQAiHjzpD6liOIVETwu5vy4w6yxOQvxe3 SFsw==
In-reply-to: <5348080F.2030105@xxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <5348080F.2030105@xxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

On Fri, Apr 11, 2014 at 6:19 PM, Cyrus <cyrus_the_great@xxxxxxxxxx> wrote:

> My hidden service address may have been compromised in Heartbleed. I
> can't seem to reach my own hidden service most of the time. Other
> services I hope so far seem unaffected. I am curious what happens if the
> same private key is used by someone else, and how an attacker might use
> a private key to disable a hidden service. I am currently switching to a
> new key as a precaution. Information would be greatly appreciated,
> because I think someone is blocking my hidden service somehow.
>

i wonder how hard it would be to try and fetch *all* of a hidden service's
descriptors (not "try and fetch the first one i can get"), and then to
compare them.

one would either need to patch tor itself, or one could do it via Stem, but
they would need to do the fetching itself via a tor circuit. might be a
useful diagnostic tool/thingie, hm.

--

Kostas.

0x0e5dce45 @ pgp.mit.edu
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] Hidden service may be compromised
  - From: Cyrus

Prev by Author: Re: [tor-talk] Tor and Openssl bug CVE-2014-0160
Next by Author: Re: [tor-talk] Hidden service may be compromised
Previous by thread: [tor-talk] Hidden service may be compromised
Next by thread: Re: [tor-talk] Hidden service may be compromised
Index(es):
- Author
- Thread