Re: [tor-talk] Wired Story on Uncovering Users of Hidden Services.



On Wed, Sep 10, 2014 at 12:26:03AM -0400, Griffin Boyce wrote:
> Kyle Maxwell wrote:
> >Griffin Boyce wrote:
> >>Actually, no, I *am* surprised that they decided to not even
> >>bother trying to gift malware to Mac or Linux users.
> >
> >Probably just playing the odds, I'd suspect. Though they could've
> >examined the access logs at some point - do we know either way on that?
> 
> Hey Kyle,
> 
>   With Freedom Hosting, I actually don't know.  It seems like few technical
> details have come out of that case.  However, I *do* know that they'd been
> hacked at various points, and the service had very poor security overall.
> The restrictions in place did not actually prevent php files from creating
> *other* types of scripts...  Their sandboxing was reputedly quite bad, and
> for years they had no restrictions on resources that users could utilize.
> So creating an app designed to expand to occupy all resources on the server
> until it crashed was highly effective.  The server itself may not even have
> kept access logs.  It's unclear.
> 
>   With SilkRoad[2], supposedly investigators imaged the entire drive, so
> this should still be possible.  In any case, I think it's important to avoid
> taking the investigators' statements at face value.  Weev mentioned that
> investigators made dubious technical statements in some places, and while I
> haven't read all of the documents to come out about this case, that's
> certainly within the realm of possibility.
> 
>   There are likely still details that haven't come out yet about both cases
> (though I can't know for sure) and it's not entirely clear what level of
> technical expertise various people have.
> 
> Things that are important to note for hidden service operators:
>   - Firewall rules are really useful for keeping out unwarranted scrutiny.
>   - Don't hardcode your IP address in any links (though this is one of the
> least-likely theories).
>   - Having a pseudonym isn't a replacement for excellent security practices.
>   - Don't run a hidden service host.
>   - For best security, run your own services rather than relying on someone
> else's security.  I feel like this is often overlooked in the name of
> "easiness" but it's really important IMO. [1]

Does this not contradict the previous statement about "don't run a
hidden service host"?
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk