[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Facebook brute forcing hidden services
It appears that someone has been issued a facebookcorewwwi.onion cert
from another CA as .onion has no way of verifying a collision.
On Fri, Oct 31, 2014 at 12:12 PM, Andreas Krey <a.krey@xxxxxx> wrote:
> On Fri, 31 Oct 2014 16:49:38 +0000, AFO-Admin wrote:
>> i really think that this is a good thing, because i think this hidden
>> service will get a lot attention in countries where Facebook is
> In blocking countries you'll use Tor whether you to the .com
> or the .onion domain. The way around the block is tor, not the
> hidden service.
> The hidden service add a protection layer to the traffic from
> the tor network to facebook, but they are using SSL anyway.
> And it remains to be seen what they do with static assets
> that are loaded from different domains - but actually it wouldn't
> matter when those are not going through the hidden service.
> "Totally trivial. Famous last words."
> From: Linus Torvalds <torvalds@*.org>
> Date: Fri, 22 Jan 2010 07:29:21 -0800
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to