Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Monday November 10 2014, @06:14PM   Printer-friendly
from the your-help-is-needed dept.

Little is known about how U.S. and European law enforcement shut down more than 400 websites, including Silk Road 2.0, which used technology that hides their true IP addresses. The websites were set up using a special feature of the Tor network, which is designed to mask people’s Internet use using special software that routes encrypted browsing traffic through a network of worldwide servers.

The Tor Project, is a nonprofit that relies in part on donations. The project “currently doesn’t have funding for improving the security of hidden services,” wrote Andrew Lewman, the project’s executive director, in a blog post on Sunday. ( https://blog.torproject.org/blog/thoughts-and-concerns-about-operation-onymous )

It is possible that a remote-code execution vulnerability has been found in Tor’s software, or that the individual sites had flaws such as SQL injection vulnerabilities. But Lewman wrote The Tor Project had little information on the methods used by law enforcement in the latest action.

“Tor is most interested in understanding how these services were located and if this indicates a security weakness in Tor hidden services that could be exploited by criminals or secret police repressing dissents,” he wrote.

http://www.pcworld.com/article/2845352/tor-project-mulls-how-feds-took-down-hidden-websites.html

[Related]: https://blog.torproject.org/blog/hidden-services-need-some-love

Can anybody help Andrew Lewman understand what happened ?

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2, Interesting) by KiloByte on Monday November 10 2014, @11:24PM

    by KiloByte (375) on Monday November 10 2014, @11:24PM (#114670)

    Which on any properly configured secret service will give you only a RFC1918 address. The first rule for secret services is to compartmentalize external network access away from the service itself. This means, the Tor daemon must be on a different box (physical or VM) than your web server.

    Too bad, I see some common hidden service HOWTOs [github.com] lacking this critical step.

    As the Tor daemon must be able to access a good part of the Net to contact other Tor nodes, any other process on the machine will be able to either do that (from your real IP), query that IP, query some other means of identification, etc. No matter how much you try to secure it, you won't get everything -- the NSA and FBI know bugs in Apache, lighthttpd, Nginx, the kernel and whatever else you're using better than you.

    But if your secret machine doesn't know its own IP address, it can't leak it.

    --
    Ceterum censeo systemd esse delendam.
    Starting Score:    1  point
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  

    Total Score:   2  
  • (Score: 2) by cykros on Wednesday November 12 2014, @01:33AM

    by cykros (989) on Wednesday November 12 2014, @01:33AM (#115031)

    While I appreciate the detail you put into this, I have to wonder if it'd not just be easier to run it all on a NAT'ed host (because, like in your example, said host will again not know it's own public IP address and thus, as far as I can tell anyway, not be able to leak it).

    I'd love to know why I'm wrong though, if so.