[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Secure Hidden Service
Hi, I made a very basic python script to help people setup their hidden
service. Maybe this could be useful for some people.
https://github.com/Dedal0/Tosc
El jun 26, 2014 3:12 AM, "Mirimir" <mirimir@xxxxxxxxxx> escribiÃ:
> On 06/26/2014 12:50 AM, Tor Talker wrote:
> > On 25 Jun 2014, at 11:09 PM, Mirimir <mirimir@xxxxxxxxxx> wrote:
> >
> >> ... any Tor user can host a hidden service. But few people, even
> >> experienced web engineers, know enough to do it securely enough.
> >> Also, hidden services are far more vulnerable than Tor users,
> >> simply because they serve stuff.
> >
> > OK, I'll bite.
> >
> > Are you saying that experienced web engineers are not capable of
> > designing systems with security and anonymity in mind, or that that
> > there are generally hidden risks in setting up the Tor rendezvous
> > connection to a local server? We can agree not to trust random
> > software architects/implementors, but I can say with confidence that
> > my team is very competent and security minded (though new to
> > publishing Tor hidden services).
> >
> > More to the point, do you have specific concerns regarding the
> > Linux/Tor/Apache/Perl stack we are using? We do sanitize error
> > messages to prevent Apache from leaking system information, but
> > that's really the only special effort other than maintaining good
> > overall system security.
> >
> > What sort of vulnerabilities would you expect to see?
>
> Well, this Tor Blog entry[1] is a good place to start.
>
> There's also a fundamental bind. Unless you physically control your
> servers, they aren't really your servers. And so you want to avoid using
> cloud services or hosted servers. But if you do physically control your
> servers, you're directly associated with them. And you are betting the
> farm that they won't be found (or on your lawyers).
>
> Resolve that, and you have a great business plan :)
>
> [1] https://blog.torproject.org/category/tags/hidden-services
> --
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk