[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Hacker and Tor.

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Hacker and Tor.
From: Jon Tullett <jon.tullett@xxxxxxxxx>
Date: Thu, 1 Dec 2016 11:14:04 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 01 Dec 2016 04:16:23 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=0FUyfnRv8gwgF5wqVQLTFuCtbJD+2U7ssbD5gMVfX2c=; b=IqZsZMuJyVaU8qcGv5D6Ymp1NJ+7lB5ecoDMXZzQkId5+e1mSXwmzGVEACdAJCPj7p XfaqnWI8xwGaWFiC6ypfuRDsVade/fKaZqBlLUTUQSC0Xz2dOserHdLADfBZ3Qb+fYJZ ViYYboFY4FtYtHqA6kC4O3V0S6MLjCDGBUOkz9eQZaWoBRBcxYp9h30pHrVqPiBmKbxZ esLNAIeavwavIiModMd75O/k9+c+2PAEQEf3ddopjSzSgl28dxaL+s0CtYmBLRa0HO5u Dp4fgKJaYF59IiZPf0mtRyi0u7BGFu8co8XcfANgXIkMTZLC7KJdNcLF8EEdMdEqJ5Vi /axQ==
In-reply-to: <1879327911.3336858.1480501231968@mail.yahoo.com>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <1879327911.3336858.1480501231968.ref@mail.yahoo.com> <1879327911.3336858.1480501231968@mail.yahoo.com>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

On 30 November 2016 at 12:20, Jason Long <hack3rcon@xxxxxxxxx> wrote:
> It just a question.
...
>  > Hello.
>  > If you browse a Cpanel via Tor for deface
>  > a website then can
>  > provider or Website
>  > admin find your real IP with some
>  > tricks? Any experiences?

OK: yes.

Step back a little. Rephrase it as "if a target browses to a monitored
page via Tor, can a provider find their real IP?" We know this is
possible; the FBI used such techniques against, eg, Freedom Hosting.
It requires control over the affected page, available browser
exploits, and sloppy opsec by the victim.

Given that such a technique works in general, it would work equally in
specific instances like a cPanel interface.

Logically, therefore, the answer to your question is "yes".

-J
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Prev by Author: Re: [tor-talk] Hacker and Tor
Next by Author: Re: [tor-talk] confusion over verification instructions for build verification on Mac OS X
Next by thread: Re: [tor-talk] Javascript exploit
Index(es):
- Author
- Thread