Debate Magazine

Further Tor Vulnerabilities Discovered: Public IP Address of Tor Hidden Sites Identified Via SSL Certificates

Posted on the 07 September 2018 by Darkwebnews @darkwebnews

Millions of people all over the world depend on the Tor network to browse the internet securely and privately every day.

However, Tor is not 100 percent safe from compromise. Tor users can misuse the tools to access the network and give away their identity.

This occurrence is currently being highlighted as an internet security researcher has discovered a new Tor vulnerability.

Yonathan Klijnsma, who is a threat researcher at California-based cybersecurity firm RiskIQ, recently found a way to identify the public IP addresses of misconfigured Tor hidden services.

This discovery highlights the dangers of improperly configuring a Tor hidden service. The main purpose of setting up a darknet site on Tor is to allow the owner of the website to stay anonymous.

However, the site administrator has to configure the web server properly to keep the site anonymized.

Proper configuration means that the web server listens only on localhost (127.0.0.1) as opposed to an IP address that is available to the public via the internet.

As , Klijnsma found that there are numerous sites on Tor that use SSL certificates and have hidden services accessible via the internet that are not properly configured.

Misconfigured Tor Services a Major Problem

RiskIQ crawls the Internet, and any SSL certificate that it discovered is associated with its hosted IP address.

As such, it took little effort for Klijnsma to associate misconfigured Tor services to their public IP addresses.

The lead researcher stated that he comes across improperly configured servers on a regular basis.

This indicates that there may be a significantly large number of Tor hidden services with exposed public IP addresses.

Klijnsma's findings didn't seem to go well with some of the Tor users. They felt that Klijnsma's research was an attack on Tor and similar services.

But the security researcher was quick to clarify the purpose of his research. Through another tweet, that he seeks to shed some light onto the dangers associated with improperly configuring of a Tor hidden service.

He emphasized on the inherent security differences of setting up the listening host for servers as 127.0.0.1 and 0.0.0.0.

The researcher reiterated the importance of only listening on the former to protect Tor hidden services from exposure.

Tor & SSL Certificates

It is rather ironic that SSL certificates can contribute to a vulnerability in the Tor network. SSL is the backbone of the secure internet, and it serves to .

The SSL drawback in regard to anonymity here is that the certificates can help to identify the public IP addresses of sites on the dark web.

When the administrator of a Tor hidden service includes an SSL certificate to their website, the .onion domain is associated with the certificate.

If the operator misconfigures the Tor site such that it listens on a public IP address, that certificate with the .onion domain will also be used for the IP address.

Disclaimer:


You Might Also Like :

Back to Featured Articles on Logo Paperblog

These articles might interest you :

  • Looking for the BEST Copycat Crispy Famous Amos Chocolate Chip Cookies (Part...

    Looking BEST Copycat Crispy Famous Amos Chocolate Chip Cookies (Part Recipes)

    version;YES! I've found you!!!YES! You are the Famous Amos Cookies!!!YIPPEE!!!Please pardon me and my over-reacting ecstatic moments! *nervous chuckle*Am I mad... Read more

    17 hours, 43 minutes ago by   Zoebakeforhappykids
    FOOD & DRINK, RECIPES
  • Jade Eagleson Debut EP Review

    Jade Eagleson Debut Review

    Jade Eagleson gave everyone a Wednesday morning surprise when he released his debut EP. The smalltown Ontario country singer is an emerging star in country... Read more

    The 17 October 2018 by   Phjoshua
    LIFESTYLE, SELF EXPRESSION
  • The Pumpkin Spice Products I’m Buying This Fall

    Autumn is my favorite season and to celebrate I indulge in everything pumpkin spice. l buy the seasonal fall products I’ve come to love, while trying out some... Read more

    The 17 October 2018 by   A Girl In La - Style Blog
    DIARIES, LIFESTYLE
  • Singularity: Jon Hopkins Live Show

    Singularity: Hopkins Live Show

    I do not even remember when I first learned of Jon Hopkins‘ music. Maybe about 4 years ago I discovered his incredible album Immunity that made him a huge name. Read more

    The 17 October 2018 by   Flemmingbo
    CULTURE, PHOTOGRAPHY, TRAVEL
  • Loneliness

    Loneliness

    Most of us are a mixture of extrovert and introvert and I’m no exception. I love getting out and meeting people, chatting and laughing, but, equally, I... Read more

    The 17 October 2018 by   Ashleylister
    BOOKS, CREATIVITY, CULTURE, SELF EXPRESSION
  • Connecting with the Tribe in Annapolis

    Connecting with Tribe Annapolis

    “Drink this. Now.” The Annapolis Boat Show was in full swing, but my friend Nica wasn’t handing me one of Pusser’s famous Painkillers with her demand. She had... Read more

    The 17 October 2018 by   Behan Gifford
    FAMILY, OUTDOORS, SEA, TRAVEL
  • A Quick Note About Voting in the Midterm Election, Part 1

    Voting in the November 6 midterm election has never been more important… or easier! Watch this short instructional video I whipped up, then REGISTER TO VOTE! Yo... Read more

    The 17 October 2018 by   Designerdaddy
    FAMILY, PARENTING

Magazines