[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] What happens when an .onion site is compromised?
- To: tor-talk@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [tor-talk] What happens when an .onion site is compromised?
- From: Mirimir <mirimir@xxxxxxxxxx>
- Date: Thu, 6 Dec 2018 18:37:48 -0700
- Autocrypt: addr=mirimir@xxxxxxxxxx; prefer-encrypt=mutual; keydata= xsBNBFEN49cBCADWl1VZKYO8L+f/65G2nBWzh41VTAZDcJSxMWXrBSvpJzzLt6sJf0L0Rjmy W4VPxJMCm/32auRAp8Xx1iNmBpvYENSM1YJVWfk43tlSOY8CR3TVODMxWPhUu48Pb9OKSntz WHGwdZmOr14zF9vr4PaS9A6+Hyt9FPKuGcQFw7K8jK1Hpp5XgdY/DMHKeaJykJ8JH1HBTFTT OJdxIWu6cZ+spNaNfKdnNjk98hMPw69isVGzcm7b3lJUsjVnMSqnrtZ8CSIv1njyxJH7NB5n LzrE7EiXR37k+4Poc9/DeLSAKrq5N3ZMpX1EDOoXFa8lLVGWHBTwVN/tl7FLM0NmVuL5ABEB AAHNHG1pcmltaXIgPG1pcmltaXJAcmlzZXVwLm5ldD7CwIEEEwECACsCGyMGCwkIBwMCBhUI AgkKCwQWAgMBAh4BAheAAhkBBQJafNQ7BQkNMVdkAAoJEGINZVEXwuQ+5LoIAKyZQDkNqj+Y E26o1bdEQlmOLhhXev45euNCnaFrnbOyKLivHdF4vvXyWBTzJmCsoRxTJ0A3Zmwa3ZihbKaU FCAdRgspLfA+TGICVYOztB+faWV18k5OTCk7ZiBQ/mOMQA4p3RPOV+UCgdelvZRHrFdUgHro dho/FqZhRoPdsPPB08QBisDO7SfFMMe9U9EZ03n4f2TvMgaTjK/kZCopwgLj2nB11SnCYfWJ jxUFDs+VFObf/jSK8T0SX9O6p430NWZm30vutUVac9lfodMjBcJqTnFxmZrwQomlCYGvSqNw 4Xy5+/gBzv/flXHngQSU053smHRtrMlGK5OU1RSixDfOwE0EUQ3j1wEIAMDcexhcaIO5jpl+ SHM14zuBvF2QG61IpH4Lag6nQmSMTljizuJg2kLaLbfc69AxmjuL5obqYi5ywXn4kQKqiwfa OHvVlKn662/J5YgXuc8tRLyqvgb+hibtAnlhWAuusP0eoQQP6SAASRjtrb8RVapTzJXy2Snf PtkcdtkTLLLcyeGoDOkpPkspnnp8avvI9ayzhGFLg9qNWaIuBMudxT6oHK4rZH+Sv6km9viI /ziV6E8Z+PpvMsGdebeYBLQA7ueuTbyOGbDyProwvocrKynI/UM40VYS8bS1PjWtljUlj7Vx 8C/746hnfdge0m24jnaWfu5UDjwpsHzs/JXqklsAEQEAAcLAZQQYAQIADwIbDAUCWnzURgUJ DTFXbwAKCRBiDWVRF8LkPsCjCACNvnnmpcDwEbtXUFZD/+ewNlPfM9o0mIXgi7DIVR9MVCw/ u14+mJUlQny4jPRV+hv/erjbiqEcVPZ296J3I4kUvO4slI+ZyODsRQSzwMz6ihwC6nN1xove YSBzVKKQrV+FDHVk6dJVLtgPdewOR9ZAar7mEbCLTJZ/e5aVb+NrlC1jWx3V3mMGCKOsEHhu 97cu3AswlxhzqPjczTo3rjtcfxdjeGU6mIEEAlhUlVDdfbGLODIyCXrP39zYxYXFFpVcbGAu +cndl1AQkIXUiMoJuzTMU8TQ+zz8yLof9fB7Y8O8VbmZBPQqN2IiHPeGbfqZjk/uHjJQUayI +beL0kxL
- Delivered-to: archiver@xxxxxxxx
- Delivery-date: Thu, 06 Dec 2018 20:38:09 -0500
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1544146672; bh=E6w8u8qGCQvT4bIZDRlawDOvadJuLKyXA9mydFcjfw4=; h=Subject:To:References:From:Date:In-Reply-To:From; b=Ub9/bDSWekTa5a2iBOGDhKjvG67SK7jsh1K/kI2k+NbSrGJpDMhLHKDHBGSDUrflu r4IftQUxjiRrW8ZYueWoTuwGn/BQDL6dCbMGQ9a8AZhe4LkvOB/nHVFVsldhuHMHfW 7u/uw6BOPJpYtVEQj2z9ydFDf9k9ELJER1rG7hWQ=
- In-reply-to: <LT4HXpw--B-1@lunorian.is>
- List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
- List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
- List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
- List-post: <mailto:tor-talk@lists.torproject.org>
- List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
- List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
- Openpgp: preference=signencrypt
- References: <09f42f8ea8bdb3dd0537e8031d72f382.squirrel@tt3j2x4k5ycaa5zt.onion> <LT4HXpw--B-1@lunorian.is>
- Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
- Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
On 12/06/2018 01:51 PM, Nathaniel Suchy wrote:
> If an onion site is compromised, you can serve the user malicious content and with a Tor Browser Vulnerability can harm it's users.
>
> If your private key is compromised, your only recourse is to go create a new onion address.
>
> We don't know what vulnerabilities exist in the current version of Tor Browser. If IP Leaks and zero day vulerabilites put you in physical danger, consider Tor Tails. It uses firewall rules to try and block non-tor traffic. It's not bulletproof but simple proxy bypasses are mitigated.
Whonix is arguably more bulletproof, in that the tor daemon and Tor
browser (along with many other apps) are on separate virtual machines,
which can be running in VirtualBox (easiest), KVM (harder) or Qubes
(arguably hardest).
So Tor browser and other userland apps can not reach the Internet except
via Tor. And for malware dropped in the Whonix workstation VM to mess
with the tor daemon, or reach the Internet, guest-to-host breakout is
required.
Also, Whonix gateway and workstation can be separate physical machines.
That makes breakout even harder. Not impossible, of course, but harder.
> Regarding the "CP Site" that you mentioned, the thing is that if the pedophiles had been using an up to date version of Tor Browser or you know, not looking at child pornography on Windows (macOS / Linux builds were not targeted as far as we know), they would not of been caught and would have remained free.
Yeah, that was all Windows malware.
> Some lessons learned...
> 1) Keep Tor Browser up to date2) Don't do illegal things on Windows, it has more users and is easier to mass target the most criminals by focusing on Windows hosts
> 3) Maybe, just maybe, don't look at child pornography in the first place
>
> Cordially,
> Nathaniel Suchy
>
>
>
> Dec 6, 2018, 3:33 PM by jiggytwiggy@xxxxxxxxxxxxx:
>
>> Imagine that an .onion site is compromised. This could be by the owner who
>> wishes to expose visitors or by the police who want to target the
>> clientele.
>>
>> (I remember, in the later case, reading something on Deep Dot Web about
>> when the FBI took over a CP site and installed malware).
>>
>> The goal is to acquire users' real IP addresses.
>>
>> What would happen to a visitor if they visited a booby trapped .onion
>> site? The visitor would be using the current version of TBB. How would it
>> be possible for a visitor to be in danger?
>>
>>
>> --
>> tor-talk mailing list - > tor-talk@xxxxxxxxxxxxxxxxxxxx <mailto:tor-talk@xxxxxxxxxxxxxxxxxxxx>
>> To unsubscribe or change other settings go to
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>
>>
>
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk