Domain: blutmagie.de
Stories and comments across the archive that link to blutmagie.de.
Comments · 9
-
Re:What a load of shit
No problemo. You can find my IP address here: https://torstatus.blutmagie.de...
-
Re:Not really an 0day exploit
You can see this whole list of tor nodes here: https://torstatus.blutmagie.de...
All Lizard nodes resolve to *.bc.googleusercontent.comThat's not the whole list. I've been running a node for years, and it's not listed on that page.
-
Re:Prove it.
They already proved it. Take a glance on this list. The "LizardNSA" nodes are theirs.
What is bullshit is calling this a Tor 0day. From what I read on the subject, which, admittedly, isn't much, they don't seem to have found an unknown flaw on Tor and are just throwing a bunch of relays at it - which was a "flaw" known since day 1.
-
Not really an 0day exploit
Either way, @LizardMafia's Tor relay attack isn't new. There's a paper on how Tor loses anonymity if over 50% of relays are compromised.
https://twitter.com/kaepora/st...
I was going to go with botnet, but many LizardNSA relay IPs appear to route back to Google Cloud. Thousands of tiny VMs at low bandwidth?
https://twitter.com/kaepora/st...
You can see this whole list of tor nodes here: https://torstatus.blutmagie.de...
All Lizard nodes resolve to *.bc.googleusercontent.com -
Re:Is that really going to work?
Thankfully tor exports a handy list of exit nodes. This list is also kept in other places and it came in handy a few months back when someone used tor to flood my ssh server with a massive amount of ssh logins. You can even find some scripts that parse the list and turn it into an iptables ruleset.
-
Re:They target Tor via the ISP's
It's not a secret where the exit nodes are. In fact, none of the nodes are kept secret.
That said, you usually don't get blocked from websites for hosting a relay node, though you certainly do get blocked from many sites (this one included!) for hosting an exit node.
-
69.55.55.93 caught trying to exploit recent SSL vu
Vuln references:
- http://www.openssl.org/news/secadv_20120419.txt
- http://it.slashdot.org/story/12/04/19/1351203/major-openssl-security-issue-found-and-fixedFrom the tor mailing list url below, they don't sound imo too concerned over it, but imo they really should be and so
should you if you use Tor! Monitor your logs in Tor and be aware of any bad entries highlighted in Vidalia in yellow related
to this vuln!This message was posted to the most recent Tor Blog post comments area, awaiting approval. Please share this information with others and add this IP's fingerprint into your torrc file's block list. They could change their fingerprint at any time, so check the tor router list ( at http://torstatus.blutmagie.de/ ) for this IP or an IP within the range listed below for any new fingerprints and add them to your blocked section of your torrc file.
OFF TOPIC :
Please update the TBB with the newest version of OpenSSL.
Today I received my first ever SSL cert error within Vidalia, using the latest TBB version for my platform of choice.
I have never witnessed this error in the past. The error in the logs showcased several lines of errors, around 4, I believe, and it was directly related to the OpenSSL vuln, in my guess.
I regret not saving the error logs, but at the time I shrugged it off.
I do recall the IP associated with the error:
Router Name: whywouldiwanna
IP: 69.55.55.93
FP: $9e1dd7c6fa7f72b9473daf3f0780bbc7c1ce670fDetail:
http://torstatus.blutmagie.de/router_detail.php?FP=9e1dd7c6fa7f72b9473daf3f0780bbc7c1ce670f
I'm familiar with the related discussion here:
https://lists.torproject.org/pipermail/tor-talk/2012-April/024031.html
but I believe it to be incorrect.
I strongly believe an updated release of all TBB versions' OpenSSL should be updated AT ONCE.
Let's not speculate, put this update into motion!
OrgTechEmail: abuse@realitychecknetwork.com
-
69.55.55.93 caught trying to exploit recent SSL vu
Vuln references:
- http://www.openssl.org/news/secadv_20120419.txt
- http://it.slashdot.org/story/12/04/19/1351203/major-openssl-security-issue-found-and-fixedFrom the tor mailing list url below, they don't sound imo too concerned over it, but imo they really should be and so
should you if you use Tor! Monitor your logs in Tor and be aware of any bad entries highlighted in Vidalia in yellow related
to this vuln!This message was posted to the most recent Tor Blog post comments area, awaiting approval. Please share this information with others and add this IP's fingerprint into your torrc file's block list. They could change their fingerprint at any time, so check the tor router list ( at http://torstatus.blutmagie.de/ ) for this IP or an IP within the range listed below for any new fingerprints and add them to your blocked section of your torrc file.
OFF TOPIC :
Please update the TBB with the newest version of OpenSSL.
Today I received my first ever SSL cert error within Vidalia, using the latest TBB version for my platform of choice.
I have never witnessed this error in the past. The error in the logs showcased several lines of errors, around 4, I believe, and it was directly related to the OpenSSL vuln, in my guess.
I regret not saving the error logs, but at the time I shrugged it off.
I do recall the IP associated with the error:
Router Name: whywouldiwanna
IP: 69.55.55.93
FP: $9e1dd7c6fa7f72b9473daf3f0780bbc7c1ce670fDetail:
http://torstatus.blutmagie.de/router_detail.php?FP=9e1dd7c6fa7f72b9473daf3f0780bbc7c1ce670f
I'm familiar with the related discussion here:
https://lists.torproject.org/pipermail/tor-talk/2012-April/024031.html
but I believe it to be incorrect.
I strongly believe an updated release of all TBB versions' OpenSSL should be updated AT ONCE.
Let's not speculate, put this update into motion!
OrgTechEmail: abuse@realitychecknetwork.com
-
Re:Intimidation
You are talking about search a list of strings for a particular string
I've parsed the Tor list before myself. I'm fully aware of how little effort it takes, and I'm also aware that it's far beyond the capacity of most police departments. Remember, these folks are funded by taxes, and nobody ever wants tax increases. If it's a choice between getting a programmer to parse the Tor list and getting an extra set of body armor, no sane police department is going to pick the programmer.
Then you have someone who lied to the police (which is evidence that can be used against them), and if they destroyed the incriminating evidence, they are guilty of another crime -- destruction of evidence.
Lying to the police is useless without more evidence of wrongdoing, and destruction of evidence is trivial compared to child pornography. The suspect could just be an ass to police for the fun of it.
They could maintain their own up-to-date list of Tor exits, or just download the list before they go ahead and get a search warrant. It is really not that hard.
Maintaining an accurate list is hard. My purpose was to identify incoming Tor connections on my web server. In testing, I found that the list of exit nodes changes significantly within a span of 10 minutes, and the list I was using had update delays of up to 30 minutes. That's enough variation to cast doubt on any list. Linked in TFA is the ExoneraTor, which strives to do exactly what you suggest, but apparently its results can only show that a given exit node was likely to be running or not.
I view it as a threat -- they are telling the guy that he will have to go through this entire situation again if he continues to run a Tor exit.
That's not so much a threat as a statement of fact. It's not a threat for me to tell you that you're likely to be injured if you start throwing punches at random people on the street.
He was never committing a crime to begin with, so why should his behavior change?
He wasn't convicted of a crime or even accused of one. His behavior should change because he's making life more difficult for himself. If he likes making trouble for investigators and himself, fine. It's his choice. He can go through the hassle again.
ICE has no business showing up at an exit node operator's home.
So if a trail of bloody footprints leads from a murder scene to your front door, the police have no business talking to you about it, because those footprints could have been anybody's, and somebody could have used your porch to change shoes, and it's totally not your problem at all, right? Getting a warrant to check for bloody shoes in your closet is unreasonable, and they should have asked you first! Once you tell them that that guy down the street wears shoes sometimes, they should leave you for a while, and ignore the bonfire in your backyard, because you could be innocent, so they should respect your rights at all costs.