Date: Thu, 11 Sep 2014 06:52:53 -0400
From: Adrian Crenshaw <irongeek@irongeek.com>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] How FBI Pinpointed Silk Road's Server

I've seen plenty of error messages before that leak internal IP addresses,
so still possible. I'd like to know the exact fields they used, and
characters. Tired of things being dumbed down enough for lawyers to
understand. What captcha software did they use?

Adrian
On Sep 11, 2014 1:25 AM, "Jim" <jimmymac@copper.net> wrote:

> Wired has recently published an article about how the FBI claims to have
> found Silk Road's server:
>
> http://www.wired.com/2014/09/the-fbi-finally-says-how-it-legally-pinpointed-silk-roads-server/
>
> The FBI claims:
>
> "As they typed 'miscellaneous' strings of characters into the login
> page's entry fields, Tarbell writes that they noticed an IP address
> associated with some data returned by the site didn't match any known
> Tor 'nodes,' the computers that bounce information through Tor's
> anonymity network to obscure its true source."
>
> I don't see how that is possible, regardless of how badly misconfigured the
> server is.  When the server is accessed as a Tor hidden service it
> doesn't know the client's IP address.  So the only way it can respond is
> back through Tor.  Unless by "typing miscellaneous strings" they managed
> to infect the server with something that contacted an FBI machine via
> clearnet, similar to Magneto.  Am I missing something?  Or are they
> stretching the meaning of "typing miscellaneous strings"?  Or outright
> lying?
>
> Jim
>
>
>
> --
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>