
Re: [tor-talk] Facebook brute forcing hidden services



It appears that someone has been issued a facebookcorewwwi.onion cert
from another CA as .onion has no way of verifying a collision.
https://news.ycombinator.com/item?id=8538527

On Fri, Oct 31, 2014 at 12:12 PM, Andreas Krey <a.krey@xxxxxx> wrote:
> On Fri, 31 Oct 2014 16:49:38 +0000, AFO-Admin wrote:
> ...
>> Hi,
>> I really think that this is a good thing, because I think this hidden
>> service will get a lot of attention in countries where Facebook is
>> blocked.
>
> In blocking countries you'll use Tor whether you go to the .com
> or the .onion domain. The way around the block is Tor, not the
> hidden service.
>
> The hidden service adds a protection layer to the traffic from
> the Tor network to Facebook, but they are using SSL anyway.
>
> And it remains to be seen what they do with static assets
> that are loaded from different domains - but actually it wouldn't
> matter when those are not going through the hidden service.
>
> Andreas
>
> --
> "Totally trivial. Famous last words."
> From: Linus Torvalds <torvalds@*.org>
> Date: Fri, 22 Jan 2010 07:29:21 -0800
> --
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk