Home | Community | Message Board

Avalon Magic Plants
This site includes paid links. Please support our sponsors.


Welcome to the Shroomery Message Board! You are experiencing a small sample of what the site has to offer. Please login or register to post messages and view our exclusive members-only content. You'll gain access to additional forums, file attachments, board customizations, encrypted private messages, and much more!

Shop: PhytoExtractum Kratom Powder for Sale   Left Coast Kratom Buy Kratom Capsules   Kraken Kratom Red Vein Kratom

Jump to first unread post Pages: 1
Invisibletdubz
Male User Gallery


Registered: 02/26/12
Posts: 5,586
A Tool to Check If Your Dark Web Site Really Is Anonymous
    #23362370 - 06/19/16 11:32 PM (7 years, 7 months ago)

http://motherboard.vice.com/read/onionscan-checks-if-your-dark-web-site-really-is-anonymous?trk_source=recommended
Quote:

Sites on the so-called dark web are designed to protect the anonymity of both their visitors and owners. But plenty of administrators make mistakes in setting them up, sometimes leading to the server's real IP address being leaked, or they might leave identifying metadata in files uploaded to the site.

Now, a researcher has developed a custom tool for automatically scanning Tor hidden services for a slew of vulnerabilities and issues, meaning anyone, from dark web drug lords to people hosting whistleblowing platforms, can make sure that their site really is protected.

“I want anonymity tools to be the best; there are people whose lives depend on them,” Sarah Jamie Lewis, the independent security researcher who came up with the tool, told Motherboard in an encrypted chat.

“OnionScan,” as the program is called, checks sites for problems that may unmask servers or identify their owners. That might be an open server status page, which allows anyone to see what other sites are being hosted by the same person. Or there might be metadata in images on the site, revealing GPS coordinates of where they were taken. The first version of OnionScan will be released this weekend, Lewis said.

“While doing some research earlier this year I kept coming across the same issues in hidden services—exposed Apache status pages, images not stripped of exif data, pages revealing information about the tools used to build it with, etc. The goal is [to] provide an easy way of testing these things to drive up the security bar,” Lewis added.

It works “pretty much the same as any web security scanner, just tailored for deanonymization vectors,” she continued.

OnionScan is not subtle, however. “It is worth noting that the software is noisy; it needs to make a number of requests to download images and files,” Lewis said. “It sticks out like a sore thumb in logs.”

Lewis started her research with dark web markets, assuming that they would have developed some cool security features. “They have a huge economic incentive to be innovative in this space—assuming they aren't trying to scam people,” she added. Indeed, the marketplace AlphaBay has made it mandatory for vendors to use two-factor authentication.

“However, what I also found was many, many sites failing basic security practices like the above. So many that I started to write a tool to help me catalogue them—and this is where the tool came from,” Lewis said. “If so may of those sites are failing themselves and their users, I am willing to bet so are anonymous political blogs and other users who desperately need the anonymity.”

Other researchers have previously reported pretty serious problems with how hidden services have been configured. UK-based Thomas White discovered the IP address of the now-defunct Kiss Marketplace, as well as that of a dark web fraud market. In June of last year, White claimed to have gathered information on more than 500 sites, and the IP addresses of eight.

In future updates, Lewis' tool will also pull other potentially identifying data, such as PGP keys and comparing the different software used to generate them.




Extras: Filter Print Post Top
Jump to top Pages: 1

Shop: PhytoExtractum Kratom Powder for Sale   Left Coast Kratom Buy Kratom Capsules   Kraken Kratom Red Vein Kratom


Similar ThreadsPosterViewsRepliesLast post
* User-side web hosting Drink_Punk_Soda 1,219 3 10/14/03 06:09 AM
by Seuss
* Anonymous Proxies - SafeWeb financed by CIA Lana 15,679 2 09/26/01 12:10 PM
by Serum
* URGENT: I need some help to find New Web-Host Natura 1,365 8 06/16/03 05:33 PM
by Natura
* Post deleted by Moe Howard bigidiot 912 3 01/29/02 01:49 AM
by DONOTDELETE
* Posting through anonymous proxies? psyphon 1,232 1 12/26/01 09:22 PM
by juubou
* -NEW TOOL- *DELETED* mike 840 6 07/10/03 01:48 PM
by AnimaAnimus
* Good Proxy Sites :) T0aD 2,803 7 06/19/03 12:28 AM
by iglou
* anonymizer.com Baby_Hitler 14,489 2 08/25/02 02:14 PM
by Lana

Extra information
You cannot start new topics / You cannot reply to topics
HTML is disabled / BBCode is enabled
Moderator: trendal, automan, Northerner
185 topic views. 0 members, 0 guests and 2 web crawlers are browsing this forum.
[ Show Images Only | Sort by Score | Print Topic ]
Search this thread:

Copyright 1997-2024 Mind Media. Some rights reserved.

Generated in 0.023 seconds spending 0.007 seconds on 13 queries.