Date: Wed, 17 Sep 2014 10:45:47 +0000
From: Артур Истомин <art.istom@yandex.ru>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Wired Story on Uncovering Users of Hidden Services.

On Wed, Sep 10, 2014 at 12:26:03AM -0400, Griffin Boyce wrote:
> Kyle Maxwell wrote:
> >Griffin Boyce wrote:
> >>Actually, no, I *am* surprised that they decided to not even
> >>bother trying to gift malware to Mac or Linux users.
> >
> >Probably just playing the odds, I'd suspect. Though they could've
> >examined the access logs at some point - do we know either way on that?
> 
> Hey Kyle,
> 
>   With Freedom Hosting, I actually don't know.  It seems like few technical
> details have come out of that case.  However, I *do* know that they'd been
> hacked at various points, and the service had very poor security overall.
> The restrictions in place did not actually prevent php files from creating
> *other* types of scripts...  Their sandboxing was reputedly quite bad, and
> for years they had no restrictions on resources that users could utilize.
> So creating an app designed to expand to occupy all resources on the server
> until it crashed was highly effective.  The server itself may not even have
> kept access logs.  It's unclear.
> 
>   With SilkRoad[2], supposedly investigators imaged the entire drive, so
> this should still be possible.  In any case, I think it's important to avoid
> taking the investigators' statements at face value.  Weev mentioned that
> investigators made dubious technical statements in some places, and while I
> haven't read all of the documents to come out about this case, that's
> certainly within the realm of possibility.
> 
>   There are likely still details that haven't come out yet about both cases
> (though I can't know for sure) and it's not entirely clear what level of
> technical expertise various people have.
> 
> Things that are important to note for hidden service operators:
>   - Firewall rules are really useful for keeping out unwarranted scrutiny.
>   - Don't hardcode your IP address in any links (though this is one of the
> least-likely theories).
>   - Having a pseudonym isn't a replacement for excellent security practices.
>   - Don't run a hidden service host.
>   - For best security, run your own services rather than relying on someone
> else's security.  I feel like this is often overlooked in the name of
> "easiness" but it's really important IMO. [1]

Does it not contradict the previous statement about "don't run a
hidden service host"?

