Date: Wed, 10 Sep 2014 00:26:03 -0400
From: Griffin Boyce <griffin@cryptolab.net>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Wired Story on Uncovering Users of Hidden Services.

Kyle Maxwell wrote:
> Griffin Boyce wrote:
>> Actually, no, I *am* surprised that they decided to not even
>> bother trying to gift malware to Mac or Linux users.
> 
> Probably just playing the odds, I'd suspect. Though they could've
> examined the access logs at some point - do we know either way on that?

Hey Kyle,

   With Freedom Hosting, I actually don't know.  It seems like few 
technical details have come out of that case.  However, I *do* know that 
they'd been hacked at various points, and the service had very poor 
security overall.  The restrictions in place did not actually prevent 
PHP files from creating *other* types of scripts...  Their sandboxing 
was reputedly quite bad, and for years they had no restrictions on 
resources that users could utilize.  So creating an app designed to 
expand to occupy all resources on the server until it crashed was highly 
effective.  The server itself may not even have kept access logs.  It's 
unclear.

   With SilkRoad[2], supposedly investigators imaged the entire drive, so 
this should still be possible.  In any case, I think it's important to 
avoid taking the investigators' statements at face value.  Weev 
mentioned that investigators made dubious technical statements in some 
places, and while I haven't read all of the documents to come out about 
this case, that's certainly within the realm of possibility.

   There are likely still details that haven't come out yet about both 
cases (though I can't know for sure) and it's not entirely clear what 
level of technical expertise various people have.

Things that are important to note for hidden service operators:
   - Firewall rules are really useful for keeping out unwarranted 
scrutiny.
   - Don't hardcode your IP address in any links (though this is one of 
the least-likely theories).
   - Having a pseudonym isn't a replacement for excellent security 
practices.
   - Don't run a hidden service host.
   - For best security, run your own services rather than relying on 
someone else's security.  I feel like this is often overlooked in the 
name of "easiness" but it's really important IMO. [1]

best,
Griffin

[1] Incidentally, the hidden service documentation rewrite has been 
underway for a while now.
[2] As Salvador Dali once said "I don't do drugs, I *am* drugs." #fact
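
A check for the "don't hardcode your IP address in any links" point in the list above, as an added example that is not part of the original message: it parses a page with Python's standard library and reports URL-bearing attributes whose host is a literal IPv4 or IPv6 address. The sample page and its addresses (documentation ranges) are constructed, and the names `ip_literal`, `LinkAudit` and `audit_html` are hypothetical.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that can carry a URL the browser will fetch or navigate to.
URL_ATTRS = {"href", "src", "action", "poster", "data"}

def ip_literal(url):
    """Return the IP address a URL's host is, or None for names/relative links."""
    try:
        host = urlsplit(url.strip()).hostname  # drops port and IPv6 brackets
        return ipaddress.ip_address(host) if host else None
    except ValueError:                         # malformed URL, or host is a name
        return None

class LinkAudit(HTMLParser):
    """Collects (line, tag, attribute, url) for every link naming a raw IP."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value and ip_literal(value) is not None:
                self.findings.append((self.getpos()[0], tag, name, value))

def audit_html(text):
    parser = LinkAudit()
    parser.feed(text)
    parser.close()
    return parser.findings

# Constructed sample page; addresses come from documentation ranges.
SAMPLE = """<html><body>
<a href="/about.html">About</a>
<img src="http://192.0.2.10/logo.png">
<a href="http://exampleonionaddress.onion/forum">Forum</a>
<form action="//[2001:db8::5]:8080/post"></form>
<script src="https://198.51.100.7:8443/app.js"></script>
</body></html>"""

if __name__ == "__main__":
    for line, tag, attr, url in audit_html(SAMPLE):
        print(f"line {line}: <{tag} {attr}> points at a raw IP: {url}")
```

Run it over every template and static file before publishing; relative links and `.onion` hostnames pass, anything resolving to a literal address is reported.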

