Silk Road forums
Discussion => Newbie discussion => Topic started by: twodix on January 22, 2013, 02:55 am
-
I just spentover a muthahfuckin hour trying to work out why I couldnt post this in the main security forum as a topic sinc e i figured it was sorta important like you know what with the way it details that the cops could actually be staring straight up every ones assholes right now with a thousand watt flashlight and, what with the motherfuckin reply and start new topic buttons disbled and thanks a fuckin not no explanations given as to why you can't post you poor stupid dumb cunt so as far as I'm concerned, if this article is true then fuck em all for fuckin me over for the last hour since ive never bought or sold anything here so the cops have nothin on me.
This is what I found and was going to post in the security forums. It will give yas all somethin ta talk about...
'Tor anonymizing network Compromised by French researchers
AUTHOR : MOHIT KUMAR on 10/24/2011 03:14:00 AM
Tor anonymizing network Compromised by French researchers
French researchers from ESIEA, a French engineering school, have found and exploited some serious vulnerabilities in the TOR network. They performed an inventory of the network, finding 6,000 machines, many of whose IPs are accessible publicly and directly with the system’s source code. They demonstrated that it is possible to take control of the network and read all the messages that circulate.
But there are also hidden nodes, the Tor Bridges, which are provided by the system that in some cases. Researchers have developed a script that, once again, to identify them. They found 181. "We now have a complete picture of the topography of Tor," said Eric Filiol.
The specific attack involves creating a virus and using it to infect such vulnerable systems in a laboratory environment, and thus decrypting traffic passing through them again via an unknown, unmentioned mechanism. Finally, traffic is redirected towards infected nodes by essentially performing a denial of service on clean systems.
Researchers showed that one third of the nodes are vulnerable, "sufficient in all cases so that we can easily infect and obtain system privileges," says the director. Researchers clone then a part of the network in order not to touch the real network, and they make a virus with which they will be able to take control of the machine."This allows us to set the encryption keys and readers initialization of cryptographic algorithms and thus cancel two layers of encryption on all three," says Eric Filiol. The remaining flow can then be decrypted via a fully method of attack called "to clear unknown" based on statistical analysis.
To guide communication to nodes infected, researchers make unavailable all other nodes. To do this, they apply a double attack: localized congestion, which involves sending a large number of requests Tor on uninfected machines, and spinning the packet, which will enclose Tor servers in a loop circuit to fill them. The Tor protocol will then, naturally, to route calls to infected machines, and that's it.
However, if it is real, details are to be presented at Hackers to Hackers in São Paulo on October 29/30-2011. TOR is no more than an additional layer of obfuscation and should not be relied upon for anonymity or security. Like any darknet, it is a complement to application-layer encryption and authentication, no more.
-
thats pretty cool
-
damn frenchies
-
god dam frog eating surrender monkeys
-
lucky we arent in 2011 any more
-
I just spentover a muthahfuckin hour trying to work out why I couldnt post this in the main security forum as a topic sinc e i figured it was sorta important like you know what with the way it details that the cops could actually be staring straight up every ones assholes right now with a thousand watt flashlight and, what with the motherfuckin reply and start new topic buttons disbled and thanks a fuckin not no explanations given as to why you can't post you poor stupid dumb cunt so as far as I'm concerned, if this article is true then fuck em all for fuckin me over for the last hour since ive never bought or sold anything here so the cops have nothin on me.
This is what I found and was going to post in the security forums. It will give yas all somethin ta talk about...
'Tor anonymizing network Compromised by French researchers
AUTHOR : MOHIT KUMAR on 10/24/2011 03:14:00 AM
Tor anonymizing network Compromised by French researchers
French researchers from ESIEA, a French engineering school, have found and exploited some serious vulnerabilities in the TOR network. They performed an inventory of the network, finding 6,000 machines, many of whose IPs are accessible publicly and directly with the system’s source code. They demonstrated that it is possible to take control of the network and read all the messages that circulate.
But there are also hidden nodes, the Tor Bridges, which are provided by the system that in some cases. Researchers have developed a script that, once again, to identify them. They found 181. "We now have a complete picture of the topography of Tor," said Eric Filiol.
The specific attack involves creating a virus and using it to infect such vulnerable systems in a laboratory environment, and thus decrypting traffic passing through them again via an unknown, unmentioned mechanism. Finally, traffic is redirected towards infected nodes by essentially performing a denial of service on clean systems.
Researchers showed that one third of the nodes are vulnerable, "sufficient in all cases so that we can easily infect and obtain system privileges," says the director. Researchers clone then a part of the network in order not to touch the real network, and they make a virus with which they will be able to take control of the machine."This allows us to set the encryption keys and readers initialization of cryptographic algorithms and thus cancel two layers of encryption on all three," says Eric Filiol. The remaining flow can then be decrypted via a fully method of attack called "to clear unknown" based on statistical analysis.
To guide communication to nodes infected, researchers make unavailable all other nodes. To do this, they apply a double attack: localized congestion, which involves sending a large number of requests Tor on uninfected machines, and spinning the packet, which will enclose Tor servers in a loop circuit to fill them. The Tor protocol will then, naturally, to route calls to infected machines, and that's it.
However, if it is real, details are to be presented at Hackers to Hackers in São Paulo on October 29/30-2011. TOR is no more than an additional layer of obfuscation and should not be relied upon for anonymity or security. Like any darknet, it is a complement to application-layer encryption and authentication, no more.
You cant post there yet until you get 50 posts, anyhow good read
-
ok god bless
-
https://blog.torproject.org/blog/rumors-tors-compromise-are-greatly-exaggerated
open this link in your regular browser.
-
https://blog.torproject.org/blog/rumors-tors-compromise-are-greatly-exaggerated
open this link in your regular browser.
Lol Well so much for that tantrum
-
There will always be backdoors to anything. As compromises are found out, we will fix them.
-
yeah
-
You don't say. Well. Well well well well well. Well well. Well. Well. Well well well well......well....
-
Guess they gave up thats why we havent heard more lol
-
nice find
-
lucky we arent in 2011 any more
ha ha!
-
I've relaxed
-
It sounds like the french have managed to compromise machines that are inherently insecure rather than Tor itself. Correct me if I am wrong but I belief that Silkroad itself has application layer encryption, as I hope the dread pirate has certainly put his time in configuring his server correctly. I recall once reading that around 70 percent of all php sites are inherently insecure simply because the programmers building them are not following best practices.
-
thats kinda spooky...
-
Based on TOR's reply, it seems as though everything is under control .
-
It sounds like the french have managed to compromise machines that are inherently insecure rather than Tor itself. Correct me if I am wrong but I belief that Silkroad itself has application layer encryption, as I hope the dread pirate has certainly put his time in configuring his server correctly. I recall once reading that around 70 percent of all php sites are inherently insecure simply because the programmers building them are not following best practices.
anonymart is correct in that the premise of this attack is based on computers being not as secure as they should be, thus creating the vulnerability.
The specific attack involves creating a virus and using it to infect such vulnerable systems in a laboratory environment, and thus decrypting traffic passing through them again via an unknown, unmentioned mechanism. Finally, traffic is redirected towards infected nodes by essentially performing a denial of service on clean systems.
:)
-
you do know this is a load of BS right? TOR and anonymity isnt only used for the wrong purposes. They might target the road but definatly not tormail, safemail or any other email hidden by tor.... people who are in the witness protection program use TOR and people who have to hide from abusive people use it just to keep out of sight.... for the french to deface these poor people is a fucking disgrace and would never happen. if it does they will have so many lawsuits on their hands from people just trying to hide from monsters (people). I know people that use it just cuz theyre scared their crazy husband who just got out of prison will find them and kill them. TOR has many many great purposes for existing beside silk road. the only thing vendors on the road would ever have to worry about is cashing out their coins and getting all their shit out of escrow before the site is hacked by some computer genius. although everything is a possibility revealing or defciang tor users is not gonna happen. and if it does trust me they will hear from me as i used it to protect myself from a psycho getting out.
-
P.S you do know this article was posted 2 years ago............
AUTHOR : MOHIT KUMAR on 10/24/2011 03:14:00 AM
10/24/20111
-
Reminds me of the story about some security expert who supposedly setup an exit node and captured all the outbound traffic to the lightnet, including plain-text email passwords being used by foreign ambassadors to various nations (all of whom were too proud to contact this expert to find out what they'd done wrong)... This could always be an urban myth, but it makes perfect enough sense.
-
you do know this is a load of BS right? TOR and anonymity isnt only used for the wrong purposes. They might target the road but definatly not tormail, safemail or any other email hidden by tor.... people who are in the witness protection program use TOR and people who have to hide from abusive people use it just to keep out of sight.... for the french to deface these poor people is a fucking disgrace and would never happen. if it does they will have so many lawsuits on their hands from people just trying to hide from monsters (people). I know people that use it just cuz theyre scared their crazy husband who just got out of prison will find them and kill them. TOR has many many great purposes for existing beside silk road. the only thing vendors on the road would ever have to worry about is cashing out their coins and getting all their shit out of escrow before the site is hacked by some computer genius. although everything is a possibility revealing or defciang tor users is not gonna happen. and if it does trust me they will hear from me as i used it to protect myself from a psycho getting out.
Tor is used by many organizations including Law Enforcement, Army, Navy, Air Force, Journalists, Businesses and Media Outlets to name a few.
-
rtxcwx
-
As usual the actual security compromise is vastly overstated. Fear mongering, nothing to see here.
-
P.S you do know this article was posted 2 years ago............
AUTHOR : MOHIT KUMAR on 10/24/2011 03:14:00 AM
10/24/20111
the french are just biding their time, waiting for the perfect moment to pounce on all those unsuspecting road users..... all they need is another 2 years!! lol
-
2 years ago in internet time is 2 decades ago
get with the times
-
2 years ago in internet time is 2 decades ago
get with the times
ye even if this article was ever even close to the truth it is way out of date now!!
-
Je n'y suis pour rien! :)