Delivery-Date: Fri, 31 Oct 2014 12:52:40 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id E2C9E1E0288;
	Fri, 31 Oct 2014 12:52:38 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 7981831892;
	Fri, 31 Oct 2014 16:52:34 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id B42883188F
 for <tor-talk@lists.torproject.org>; Fri, 31 Oct 2014 16:52:30 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id a6jy7mOtNrbK for <tor-talk@lists.torproject.org>;
 Fri, 31 Oct 2014 16:52:30 +0000 (UTC)
Received: from mail-pa0-x22c.google.com (mail-pa0-x22c.google.com
 [IPv6:2607:f8b0:400e:c03::22c])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 867B13188D
 for <tor-talk@lists.torproject.org>; Fri, 31 Oct 2014 16:52:30 +0000 (UTC)
Received: by mail-pa0-f44.google.com with SMTP id bj1so8131631pad.3
 for <tor-talk@lists.torproject.org>; Fri, 31 Oct 2014 09:52:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :content-type; bh=9EAdEgCNuu7R2V5ZqcusnbbAggXtF87iEDNrcbevRqo=;
 b=HjUc7lhj0C0tzN2vZJe3yIQptW61aL6RYdCN9fPpNtjoQ3dVlyvGGyZbwpQFmIC2lj
 NoRaMbcKpgiwAv7nsQeSQplPVtuPRtBjUKDBQfx2cTXOLYwbA0+8bWUAmGP+p7QvKEbk
 5DPxm++05XRRbEnlfRshP3AEEK+HNof/gSGn8yXBGV2J3fbGySQc+75yfwTiuPzX/ZBM
 GigGzEq5QTjYSBwjkxaO506iI6Lllt/3QkENffD6j50rRS8Oa0tzyIf+ooGBz7RniOr6
 N6OZL0MpuJQDbWYA4vPJga2IBYPeqIMC0gm3lIdPg6DRiXZ2ueflFXSV19DeegHQyEaB
 GQ8w==
MIME-Version: 1.0
X-Received: by 10.70.133.202 with SMTP id pe10mr2259194pdb.32.1414774347938;
 Fri, 31 Oct 2014 09:52:27 -0700 (PDT)
Received: by 10.70.45.9 with HTTP; Fri, 31 Oct 2014 09:52:27 -0700 (PDT)
In-Reply-To: <20141031161231.GE25941@inner.h.apk.li>
References: <20141031122302.GA5554@glue.grepular.com>
 <D078CF97.816C%alecm@fb.com> <5453AF92.906@afo-tm.org>
 <20141031161231.GE25941@inner.h.apk.li>
Date: Fri, 31 Oct 2014 12:52:27 -0400
Message-ID: <CAMCPh3x2ddjwrV-cDP9Xd1yrTS0J4R2Ftx8+5bN4GFsgoW8JDg@mail.gmail.com>
From: AntiTree <antitree@gmail.com>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Facebook brute forcing hidden services
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

It appears that someone has been issued a facebookcorewwwi.onion cert
from another CA as .onion has no way of verifying a collision.
https://news.ycombinator.com/item?id=8538527

On Fri, Oct 31, 2014 at 12:12 PM, Andreas Krey <a.krey@gmx.de> wrote:
> On Fri, 31 Oct 2014 16:49:38 +0000, AFO-Admin wrote:
> ...
>> Hi,
>> i really think that this is a good thing, because i think this hidden
>> service will get a lot attention in countries where Facebook is
>> blocked.
>
> In blocking countries you'll use Tor whether you to the .com
> or the .onion domain. The way around the block is tor, not the
> hidden service.
>
> The hidden service add a protection layer to the traffic from
> the tor network to facebook, but they are using SSL anyway.
>
> And it remains to be seen what they do with static assets
> that are loaded from different domains - but actually it wouldn't
> matter when those are not going through the hidden service.
>
> Andreas
>
> --
> "Totally trivial. Famous last words."
> From: Linus Torvalds <torvalds@*.org>
> Date: Fri, 22 Jan 2010 07:29:21 -0800
> --
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

