The Great Silk Road Crash of 20** ...? - page 16.

unicron

newbie

Activity: 25

Merit: 0

Quote from: Desolator on September 20, 2012, 01:34:36 PM

btw there's nooooo way in hell it's a hosted machine at a 3rd party host. Almost all web hosts have backdoors to view content on their own servers regardless of security not to mention examining inbound and outbound data to the server. The FBI probably has every host in the US and as many as they could get in the rest of the world examining their data for servers containing files relevant to silkroad or data indicating massive inbound TOR traffic.

The existence of shady hosts notwithstanding, it really could be anywhere. It could be on a hacked box in Russia. It could be secreted in a closet at a NOC. It could be somewhere completely different and using an ssh tunnel through a rogue access point in any organization. The traffic would look like normal SSL traffic, and because of the way hidden services work, if the server or its tunnel endpoint ever went down, a backup could be placed elsewhere and nobody would have to update their links to it. That's because the hidden service hostname is actually a hash of its private key.

Quote

1. go to google
2. type in "tor weaknesses"
3. shut the hell up

I appreciate your concern, but I'm not the one being willfully ignorant here.

tpantlik

full member

Activity: 136

Merit: 100

Quote from: Desolator on September 20, 2012, 01:34:36 PM

Ugh, you know servers are just computers, right? There are tons of conditions under which a server or the software running on it simply opens a PDF file that someone loads. A CMS's php-based thumbnail generator script alone could do it (especially if made by adobe, lol). I'm just saying, server aren't magic, they're just regular computers and regular computers can leak data outside of Tor very easily. You know how many linux applications and services are capable of using the internet connection on their own? A LOT!!!

btw there's nooooo way in hell it's a hosted machine at a 3rd party host. Almost all web hosts have backdoors to view content on their own servers regardless of security not to mention examining inbound and outbound data to the server. The FBI probably has every host in the US and as many as they could get in the rest of the world examining their data for servers containing files relevant to silkroad or data indicating massive inbound TOR traffic.

Quote from: unicron on September 20, 2012, 01:28:43 PM

The most charitable reading is that you are spreading FUD.

All I'm saying is if you think Tor is a magical cloak of invulnerability that will never ever be vulnerable, you're wrong. Here, let's get you all certified to talk about Tor. It's 3 really simple steps.

1. go to google
2. type in "tor weaknesses"
3. shut the hell up

Congratulations, you are going to my ignore list (how can http server reveals its public IP when it's not connected to Internet?). And as a reward I am sending you 666 satoshis. This reward is for your only valid point that is - you cannot have 100% secured site even if it is tor hidden service.

capsqrl

sr. member

Activity: 444

Merit: 250

Please explain how Silk Road has been in operation since February, 2011.

Desolator

sr. member

Activity: 392

Merit: 250

Ugh, you know servers are just computers, right? There are tons of conditions under which a server or the software running on it simply opens a PDF file that someone loads. A CMS's php-based thumbnail generator script alone could do it (especially if made by adobe, lol). I'm just saying, server aren't magic, they're just regular computers and regular computers can leak data outside of Tor very easily. You know how many linux applications and services are capable of using the internet connection on their own? A LOT!!!

btw there's nooooo way in hell it's a hosted machine at a 3rd party host. Almost all web hosts have backdoors to view content on their own servers regardless of security not to mention examining inbound and outbound data to the server. The FBI probably has every host in the US and as many as they could get in the rest of the world examining their data for servers containing files relevant to silkroad or data indicating massive inbound TOR traffic.

Quote from: unicron on September 20, 2012, 01:28:43 PM

The most charitable reading is that you are spreading FUD.

All I'm saying is if you think Tor is a magical cloak of invulnerability that will never ever be vulnerable, you're wrong. Here, let's get you all certified to talk about Tor. It's 3 really simple steps.

1. go to google
2. type in "tor weaknesses"
3. shut the hell up

unicron

newbie

Activity: 25

Merit: 0

Quote from: Desolator on September 20, 2012, 11:54:48 AM

can anyone explain how an entire site can exist inside TOR? [...] I'm still not convinced they designed it that way in the first place but I can't imagine how else someone could set up a website that exists only in TOR and have it actually work.

[...] if those idiots think they're safe, they're not.

Quote from: Desolator on September 20, 2012, 12:56:24 PM

Okay, now I'm really not clicking it, you dumbass.

[...]

Your knowledge of how Tor works is a joke. [...]

You claim you want to know, then you decide to be spiteful instead. The most charitable reading is that you are spreading FUD.

As for other programs on the same computer not using tor, if you torify your shell then every process forked from it will use tor. This is a trivial enough workaround to make your point uninteresting to anyone who hasn't just learned about tor.

WITRcenter

member

Activity: 88

Merit: 10

W Investment Technology Research Center

By the use of bitcoin, can we encourage more half-volunteered-half-donated Tor traffic relay server?

thebaron

sr. member

Activity: 434

Merit: 250

Quote from: capsqrl on September 20, 2012, 01:16:11 PM

Quote from: Desolator on September 20, 2012, 11:54:48 AM

any web server sitting only in the TOR network would get identified and found out in like a day. So if those idiots think they're safe, they're not.

Are you aware that Silk Road has been in operation for almost two years? It has gotten tons of press coverage, and an American senator demanded that authorities take it down. How can you seriously claim that Silk Road would be taken down in a day, and is run by idiots?

I think they make enough money to do things like rent a server, encrypt it, and just use it for a VPN connection to TOR for their main server. And then get a new one each month.

capsqrl

sr. member

Activity: 444

Merit: 250

Quote from: Desolator on September 20, 2012, 11:54:48 AM

any web server sitting only in the TOR network would get identified and found out in like a day. So if those idiots think they're safe, they're not.

Are you aware that Silk Road has been in operation for almost two years? It has gotten tons of press coverage, and an American senator demanded that authorities take it down. How can you seriously claim that Silk Road would be taken down in a day, and is run by idiots?

You might as well claim that this "aeroplane" thingy will never fly because it's many tons heavy and it's made of metal.

kokojie

legendary

Activity: 1806

Merit: 1003

Quote from: Desolator on September 20, 2012, 11:54:48 AM

can anyone explain how an entire site can exist inside TOR? I mean I read that it's like a fake TLD that's correctly translated but wouldn't the creators of the TOR software have to manually code the software to accept and properly route fake TLDs? So pull the plug on that idiotic feature! I'm still not convinced they designed it that way in the first place but I can't imagine how else someone could set up a website that exists only in TOR and have it actually work.

Btw with all the 3rd party code and direct to browser scripts and FTP operations and stuff, any web server sitting only in the TOR network would get identified and found out in like a day. So if those idiots think they're safe, they're not.

Unless someone proves they obtained verified sillkroad IP, that's like just your opinion dude. If it was that easy, silkroad would have been pwned hundreds of times by now.

tpantlik

full member

Activity: 136

Merit: 100

Quote from: Desolator on September 20, 2012, 12:56:24 PM

Okay, now I'm really not clicking it, you dumbass.

Quote from: tpantlik on September 20, 2012, 12:50:13 PM

Quote from: Desolator on September 20, 2012, 12:36:14 PM

Yeeeeah, security certificate error and an extension ending in .en. I don't think I'm gonna let that page load.

Btw you upload one PDF with scripts and get the server to run it, you'll get their internal and external IP and the name of the server, lol. Same but even easier with an adobe flash file. It's a direct route that bypasses the entire network by simply not using it.

ROFL, this is joke, right?

Your knowledge of how Tor works is a joke. If you wrap a browser or a service like IIS or something in a Tor "wrapper" basically, all communication goes through Tor. All other programs on the computer do not use Tor and all browsers plugins are completely separate programs. All web servers have the capability to view their own pages and do under certain circumstances. Most also have Java, flash, adobe reader, etc installed. So 1 little scripted file opens in a plugin and it bypasses Tor completely and goes straight to the target.

Don't believe me. Believe exactly what I just said which is posted on their own Tor safety warning page:
https://www.torproject.org/download/download-easy.html#warning

Not all warnings apply to entire server installations but the principal of alternate apps directly accessing the internet by themselves without using Tor is exactly the same.

Hey look, a quote:
The Tor Browser will warn you before automatically opening documents that are handled by external applications. DO NOT IGNORE THIS WARNING. You should be very careful when downloading documents via Tor (especially DOC and PDF files) as these documents can contain Internet resources that will be downloaded outside of Tor by the application that opens them.

Of course there is side channels trough your server could leak IP address. But if you run site like SR you will not install it on your home desktop with Windows.

You pick up server, install minimal linux or BSD on it and http server and of course use firewall and http server connect trough proxy on the other server wich allows connection only trough firewall to tor network.

BTW do you bother about updates on your Windows desktop? (certificate)

EDIT: WTF will you be opening DOC or PDF documents on the server that serves the hidden service?

kangasbros

hero member

Activity: 812

Merit: 1006

Silk Road won't be the market leader in any case for long. It is trivial business to enter to. Maybe some mafioso can throw some money in clever guerilla marketing. Maybe the future marketplaces employ better techniques for quality control etc.

And there already exists an open source software which allows anyone to set up their own marketplace (I don't know how good it is). The software is pretty trivial to implement.

Desolator

sr. member

Activity: 392

Merit: 250

Okay, now I'm really not clicking it, you dumbass.

Quote from: tpantlik on September 20, 2012, 12:50:13 PM

Quote from: Desolator on September 20, 2012, 12:36:14 PM

Yeeeeah, security certificate error and an extension ending in .en. I don't think I'm gonna let that page load.

Btw you upload one PDF with scripts and get the server to run it, you'll get their internal and external IP and the name of the server, lol. Same but even easier with an adobe flash file. It's a direct route that bypasses the entire network by simply not using it.

ROFL, this is joke, right?

Your knowledge of how Tor works is a joke. If you wrap a browser or a service like IIS or something in a Tor "wrapper" basically, all communication goes through Tor. All other programs on the computer do not use Tor and all browsers plugins are completely separate programs. All web servers have the capability to view their own pages and do under certain circumstances. Most also have Java, flash, adobe reader, etc installed. So 1 little scripted file opens in a plugin and it bypasses Tor completely and goes straight to the target.

Don't believe me. Believe exactly what I just said which is posted on their own Tor safety warning page:
https://www.torproject.org/download/download-easy.html#warning

Not all warnings apply to entire server installations but the principal of alternate apps directly accessing the internet by themselves without using Tor is exactly the same.

Hey look, a quote:
The Tor Browser will warn you before automatically opening documents that are handled by external applications. DO NOT IGNORE THIS WARNING. You should be very careful when downloading documents via Tor (especially DOC and PDF files) as these documents can contain Internet resources that will be downloaded outside of Tor by the application that opens them.

tpantlik

full member

Activity: 136

Merit: 100

Quote from: Desolator on September 20, 2012, 12:36:14 PM

Yeeeeah, security certificate error and an extension ending in .en. I don't think I'm gonna let that page load.

Btw you upload one PDF with scripts and get the server to run it, you'll get their internal and external IP and the name of the server, lol. Same but even easier with an adobe flash file. It's a direct route that bypasses the entire network by simply not using it.

ROFL, this is joke, right?

unicron

newbie

Activity: 25

Merit: 0

Quote from: Desolator on September 20, 2012, 12:36:14 PM

Yeeeeah, security certificate error and an extension ending in .en. I don't think I'm gonna let that page load.

Load it in a VM that you can revert after, Mr. Security Expert. You seem to talk a lot for someone who is unwilling to read.

Desolator

sr. member

Activity: 392

Merit: 250

Yeeeeah, security certificate error and an extension ending in .en. I don't think I'm gonna let that page load.

Btw you upload one PDF with scripts and get the server to run it, you'll get their internal and external IP and the name of the server, lol. Same but even easier with an adobe flash file. It's a direct route that bypasses the entire network by simply not using it.

paulie_w

sr. member

Activity: 420

Merit: 250

read this:

https://www.torproject.org/docs/hidden-services.html.en

DanielVG

sr. member

Activity: 266

Merit: 250

I want free lunch, i'm gonna go with this guy.

..as if illegal MP3 downloads disappeared when Napster went down...

The more you try to fight the internet the faster it will evolve.
same for war on drugs.

flower1024

legendary

Activity: 1428

Merit: 1000

Quote from: Desolator on September 20, 2012, 11:54:48 AM

can anyone explain how an entire site can exist inside TOR? I mean I read that it's like a fake TLD that's correctly translated but wouldn't the creators of the TOR software have to manually code the software to accept and properly route fake TLDs? So pull the plug on that idiotic feature! I'm still not convinced they designed it that way in the first place but I can't imagine how else someone could set up a website that exists only in TOR and have it actually work.

Btw with all the 3rd party code and direct to browser scripts and FTP operations and stuff, any web server sitting only in the TOR network would get identified and found out in like a day. So if those idiots think they're safe, they're not.

try it

i bet you wont get their public ip...

Desolator

sr. member

Activity: 392

Merit: 250

can anyone explain how an entire site can exist inside TOR? I mean I read that it's like a fake TLD that's correctly translated but wouldn't the creators of the TOR software have to manually code the software to accept and properly route fake TLDs? So pull the plug on that idiotic feature! I'm still not convinced they designed it that way in the first place but I can't imagine how else someone could set up a website that exists only in TOR and have it actually work.

Btw with all the 3rd party code and direct to browser scripts and FTP operations and stuff, any web server sitting only in the TOR network would get identified and found out in like a day. So if those idiots think they're safe, they're not.

paulie_w

sr. member

Activity: 420

Merit: 250

exactly. but the beautiful thing about bitcoin is that you can just sit on it for as long as you want, until you completely figure out your laundering strategy.

Topic: The Great Silk Road Crash of 20** ...? - page 16. (Read 37096 times)