[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Warning: Do NOT use my mirrors/services until I have reviewed the situation

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Warning: Do NOT use my mirrors/services until I have reviewed the situation
From: Jacob Appelbaum <jacob@xxxxxxxxxxxxx>
Date: Sun, 21 Dec 2014 21:05:33 +0000
Cc: dir-auth <dir-auth@xxxxxxxxxxxxxxxxxxxx>
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 21 Dec 2014 16:05:46 -0500
In-reply-to: <549733A7.6070905@xxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <54972AD3.8070005@xxxxxxxxxx> <CAJdkzEMF-bP0gZupNSuUXgaHVAh1hQyO5u8c8kcy+_3gNMUS_A@xxxxxxxxxxxxxx> <54973111.7000002@xxxxxxxxxx> <CAMtFrUF1CfGq207Qv3tx6Qx47fbF85PgcfHwikBuH9ZPKjm0og@xxxxxxxxxxxxxx> <549733A7.6070905@xxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

Hi,

On 12/21/14, Thomas White <thomaswhite@xxxxxxxxxx> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Node fingerprints are as follows, please blacklist ASAP. Some servers
> are accessible via their KVM again but not networked.
>
> D78AB0013D95AFA60757333645BAA03A169DF722
> 6F545A39D4849C9FE5B08A6D68C8B3478E4B608B
> 5E87B10B430BA4D9ADF1E1F01E69D3A137FB63C9
> 0824CE7D452B892D12E081D36E7415F85EA9988F
> 35961469646A623F9EE03B7B45296527A624AAFD
> 1EA968C956FBC00617655A35DA872D319E87C597
> E5A21C42B0FDB88E1A744D9A0388EFB2A7A598CF
> 5D1CB4B3025F4D2810CF12AB7A8DDDD6FC10F139
> 722B4DF4848EC8C15302C7CF75B52C65BAE3843A
> 93CD9231C260558D77331162A5DC5A4C692F5344
> A3C3D2664F5E92171359F71931AA2C0C74E2E65C
> 575B40EF095A0F2B13C83F8485AFC56453817ABF
> 27780F5112DEB64EA65F987079999B9DC055F7C0
> 54AA16946DB0CF7A8FA45F3B48A7D686FD1A1CEF
> 1EB8BDA15D27B3F9D4A2EDDA58357EA656150075
> 17A522BC05A0D115FC939B0271B8626AAFB1DDFF
> 1324EC51FBFA5FD1A11B94563E8D2A7999CD8F57
>

Thank you for reporting this possible compromise. Hopefully the
thieves will be brought to justice!

It sounds like if possible, one should very carefully consider if they
want to have USB enabled in their kernel. If possible, remove it or
replace it with a module that logs details on devices - perhaps
triggering a panic?

I've rejected your relays like so:

# torrrc changes
# thecthulhu reports unknown compromise December 21st, 2014
AuthDirReject 77.95.224.187
AuthDirReject 89.207.128.241
AuthDirReject 5.104.224.15
AuthDirReject 128.204.207.215

# approved-routers changes
# thecthulu reports compromise december 21st, 2014
!reject D78AB0013D95AFA60757333645BAA03A169DF722
!reject 6F545A39D4849C9FE5B08A6D68C8B3478E4B608B
!reject 5E87B10B430BA4D9ADF1E1F01E69D3A137FB63C9
!reject 0824CE7D452B892D12E081D36E7415F85EA9988F
!reject 35961469646A623F9EE03B7B45296527A624AAFD
!reject 1EA968C956FBC00617655A35DA872D319E87C597
!reject E5A21C42B0FDB88E1A744D9A0388EFB2A7A598CF
!reject 5D1CB4B3025F4D2810CF12AB7A8DDDD6FC10F139
!reject 722B4DF4848EC8C15302C7CF75B52C65BAE3843A
!reject 93CD9231C260558D77331162A5DC5A4C692F5344
!reject A3C3D2664F5E92171359F71931AA2C0C74E2E65C
!reject 575B40EF095A0F2B13C83F8485AFC56453817ABF
!reject 27780F5112DEB64EA65F987079999B9DC055F7C0
!reject 54AA16946DB0CF7A8FA45F3B48A7D686FD1A1CEF
!reject 1EB8BDA15D27B3F9D4A2EDDA58357EA656150075
!reject 17A522BC05A0D115FC939B0271B8626AAFB1DDFF
!reject 1324EC51FBFA5FD1A11B94563E8D2A7999CD8F57

All the best,
Jacob
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Warning: Do NOT use my mirrors/services until I have reviewed the situation
  - From: Thomas White

References:
- [tor-talk] Warning: Do NOT use my mirrors/services until I have reviewed the situation
  - From: Thomas White
- Re: [tor-talk] Warning: Do NOT use my mirrors/services until I have reviewed the situation
  - From: Damian Johnson
- Re: [tor-talk] Warning: Do NOT use my mirrors/services until I have reviewed the situation
  - From: Thomas White
- Re: [tor-talk] Warning: Do NOT use my mirrors/services until I have reviewed the situation
  - From: Runa A. Sandvik
- Re: [tor-talk] Warning: Do NOT use my mirrors/services until I have reviewed the situation
  - From: Thomas White

Prev by Author: Re: [tor-talk] HR4681 Sec 309 communication privacy legislation
Next by Author: Re: [tor-talk] Thunderbird 31.3 fails to load with Torbirdy 0.1.3 (Windows 7)
Previous by thread: Re: [tor-talk] Warning: Do NOT use my mirrors/services until I have reviewed the situation
Next by thread: Re: [tor-talk] Warning: Do NOT use my mirrors/services until I have reviewed the situation
Index(es):
- Author
- Thread