Delivery-Date: Sat, 01 Nov 2014 14:52:53 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID,UNPARSEABLE_RELAY
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 6AFBA1E0388;
	Sat,  1 Nov 2014 14:52:51 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 733543107C;
	Sat,  1 Nov 2014 18:52:47 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 9666A31061
 for <tor-talk@lists.torproject.org>; Sat,  1 Nov 2014 18:52:43 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 8XM0njRK5czD for <tor-talk@lists.torproject.org>;
 Sat,  1 Nov 2014 18:52:43 +0000 (UTC)
Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "*.riseup.net",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 700F431056
 for <tor-talk@lists.torproject.org>; Sat,  1 Nov 2014 18:52:43 +0000 (UTC)
Received: from berryeater.riseup.net (berryeater-pn.riseup.net [10.0.1.120])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "*.riseup.net",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK))
 by mx1.riseup.net (Postfix) with ESMTPS id 70CF5410A5
 for <tor-talk@lists.torproject.org>; Sat,  1 Nov 2014 18:52:40 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak;
 t=1414867960; bh=GiIg68LP45altO9xuf7b/eQqZbHFUnnh1OObgGnZrIQ=;
 h=Date:From:Reply-To:To:Subject:References:In-Reply-To:From;
 b=dTjH5eRkMiwWRizvjrtxlhFKlNy3oP4VwHJEyqKM6G5BX6MxtUJqm+jV5IzvS7aJl
 TwapVAF8u3uw+U85odBQJa0ytT4tPqR35zlcfTdgayysq/c1z+NEfkI2dFCqpsz3lW
 N8kO94ZWX3sp7qQEhh+RE/K8epHYPmzLw47Lf8VA=
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (Authenticated sender: colinmahns) with ESMTPSA id 5B4F9426FE
Message-ID: <54552C3E.2070904@riseup.net>
Date: Sat, 01 Nov 2014 18:53:50 +0000
From: Colin Mahns <colinmahns@riseup.net>
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
References: <20141031122302.GA5554@glue.grepular.com>
 <D078CF97.816C%alecm@fb.com>
 <91CCDDFD-A909-45DD-9228-2C836876F17D@riseup.net>
In-Reply-To: <91CCDDFD-A909-45DD-9228-2C836876F17D@riseup.net>
X-Virus-Scanned: clamav-milter 0.98.4 at mx1
X-Virus-Status: Clean
Subject: Re: [tor-talk] Facebook brute forcing hidden services
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hey Alec,

I'm one of the developers on darkweb-everywhere. I was playing around
with having fbcdn.net redirect to
fbcdn23dssr3jqnq.onion with a rule, hoping to cover instances where
people have linked directly to images from Facebook.

Since the cert Facebook is using doesn't have a wildcard subdomain for
the hidden services, the user is presented with a mismatched exception
error. Obviously this isn't intended so I figured I would reach out to
you about this :)

Here is the example I used [0][1] I included both the original link
and the redirected one. This was found by searching for site:fbcdn.net
on Reddit and picking the first non-broken safe for work image I could
find (this was surprisingly hard!).

I'm not too familiar with how Facebook handles these links, or if this
is even expected behavior. It seems the fix should just be reissuing
the cert with a wildcard flag, but I could be wrong. Any ideas?

I'm cc'ing tor-talk on this email since I figured more users reading
this can't be a bad thing.

[0]:
https://scontent-b-iad.xx.fbcdn.net/hphotos-prn2/t1/1896752_807594532587586_979724882_n.jpg
[1]:
https://scontent-b-iad.xx.fbcdn23dssr3jqnq.onion/hphotos-prn2/t1/1896752_807594532587586_979724882_n.jpg

Colin Mahns
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJUVSw5AAoJEPKk/ZeJv4OMa5AP/16XtoE5I8Sl5OylDd0pyzWn
QHz+7D1idEKOSjIq8ufdHCiFyxsJO5sDHWdxVI1sDuo98YNlYYtNkmkHnKdqT2rl
QW1DJzK8QUxVxRPwtbXdvwRHlKlkW3TSAHQztKoci4x+2JAy2bR5tcUi9mE1KBwj
5UQoK8ZsF7OXFla22iiDVAz2GQyFRUZ0B7AsLjFp+YZz2oPuAvpISsGnDdgAO08E
QeJNdAZnCTzww6LJffrBcVMu10sLvesGrPSqDYMUIFQ6fwCDSU6D1Y1eTs8FtEIl
pRd/PHTZuNnUhNA3sJJQ7v3FF0FXfLHX13uf6elpL3ySOX/2ynTrWop5GFBjNXSa
wrp+nbVVw3hd1NZZufUcSDx+3h3ltzGaFmN/OXPN4+KzIIOUjGovCWGaVPOSpbMv
H44DQZzGaoTaJJO5KzW0xvRGuPLUMbRJjgLR+/FDE3iqfk7g8j4ipVa0mDlZATZP
p7fJbDcNzgjwzvZ1f+eva3515X/1A4oAx5UOaJIj0dzv65QtpFVlia8Cm2Vi8R3g
oC35XRkkcQpcx0nVFW9RcnZ/MGyPhXRJIoVV0vr+kZgChiQWmzc5K+2guU6Nke1d
UFt1AoQUatVrZ6QAmzIDnjul7lTkpJa3Wkj0pxqlbw7iKzpgJXn+znPflxnsS/aV
u9L6TycslYy5AxaOfa0f
=boAs
-----END PGP SIGNATURE-----
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

