[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Rumors of Tor's compromise



On 26.10.2011 16:33, phillip@xxxxxxxxx wrote:
> On 10/26/2011 05:42 PM, Orionjur Tor-admin wrote:
>> On 25.10.2011 15:04, Andrew Lewman wrote:
> 
>>> We're reading the press articles, pastebin urls, and talking
>>> to the same people as you. It appears 'Anonymous'
>>> cracked the Apache/PHP/MySQL setup at Freedom Hosting
>>> and published some, or all, of their users in the
>>> database. These sites happened to be hosted on a [Tor hidden
>>> servce](https://www.torproject.org/docs/hidden-services.html.en). Further,
>>> 'Anonymous' used an old denial of service
>>> attack on 'Freedom Hosting' known as the
>>> [slowloris](https://secure.wikimedia.org/wikipedia/en/wiki/Slowloris)
>>> attack.
> 
>> [Off-topic]Anonymous are very strange people. I cannot understand their
>> political position. I understand their actions such as "Occupy
>> Wall-Street", but I don't understand their fighting with "pedophilia".
>> 'Pedofilia', in the general rule, is not a good thing, but it is not a
>> global problem such as poverty, starvation, social inequality and etc.
>> Furtherinmore buorgeois governments use "fighting with pedofilia' as
>> pretext on suppresion their people, breaching human rights, banning
>> normal human life on pseudo-religious basis (I am meaning various
>> interdictions of sexual life of teenagers, i.e. quite ault for sexual
>> life people, and etc.)  and creating low-cost labour power in type of
>> prisoners for their capitalists.[/off-topic]
> 
> 
>> So ddos-attacks on exit-node are possible?
> 
> As the hidden services are running inside the tor network, exit-nodes
> are not implicated in this attack, they just have exhausted the HTTP
> process using some Slowloris attack in conjunction with sql injections
> to retrieve the users credential that were using this web sites.
> 
> Best,
> 
> Phillip
> 


It is very interesting for me, if I run hidden service on my remote
server not for hiding it from external world but for increasing my
anonymity in matter of managing that server (I usually connect to them
using hidden service runnig on ssh-port), is it possible todeanonymize
me if my server (any soft on it) will be compromised?! Not of
localiztion of my server but loclization of me, its admin?
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk