On Tue, 2013-10-08 at 22:49 +0100, Matthew Toseland wrote: > On Tue, Oct 08, 2013 at 09:24:45PM +0200, Marco Calamari wrote: > > On Sat, 2013-10-05 at 13:47 -0500, Ian Clarke wrote: > > > This doesn't have anything to do with the Silk Road takedown, if that is > > > what you are referring to. > > > > > > The vulnerability there was "between keyboard and chair". > > > > ... not only, in this case also in software ... > > > > 2013 IEEE Symposium on Security and Privacy > > Trawling for Tor Hidden Services: > > Detection, Measurement, Deanonymization > > Alex Biryukov, Ivan Pustogarov, Ralf-Philipp Weinmann > > <http://www.ieee-security.org/TC/SP2013/papers/4977a080.pdf> > > Not related to the recent busts AFAICS? > > There are published attacks on Tor (and on Freenet too). > The FBI shut down a tor hidden service. > The two are not necessarily connected; most times when something > on Tor is attacked it's via javascript/SQL injection/etc. > In this case I believe it was largely conventional police work.
For what can be know looking at public documenti, like the sentence, <http://www1.icsi.berkeley.edu/~nweaver/UlbrichtCriminalComplaint.pdf> looks like al lot of hidden service were managed by Silk Road owner So this attack, that is relatively cheap and was public in 2012, may heve been used by investigator. OTOH, some insecure behaviour, like using VPN to connect to servers, is known and can be another root cause. But on SL case othe papers were published, <http://arxiv.org/pdf/1207.7139> so a mix of traditional investigation and this exploit looks IMO the most probable investigative activity that was be done in this case. > > > On Sat, Oct 5, 2013 at 1:26 PM, Robert Hailey > > > <rob...@freenetproject.org>wrote: > > > > > > > > > > > Is MITM the right term? > > > > > > > > Not to be picky... but I thought they just pulled the server that was > > > > serving up those particular hidden services and dropped in a new server > > > > with the "identify all users" exploit [if they were not controlling that > > > > server in the first place :-) ].
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
