Hackers exploiting tor clients on .onion sites?

pigpoked at Safe-mail.net pigpoked at Safe-mail.net
Sun Jun 14 08:53:16 UTC 2009

I explored a few of the common .onion sites listed at Wikipedia's tor page listed within the external links footer. These sites loaded well, but I noticed several errors in my tor client logs. I googled for info on the errors, some of the error messages turned up in cvs related pages and bug talks, but lacked definite information. I didn't retain the error messages, but I won't be visiting .onion sites in the future as it feels to me by the open nature of some of the .onion sites where users post messages or edit wikis anonymously, malicious users may have the ability to target the small audience of users at these sites: tor users and their clients. I only discovered these errors when visiting a few .onion sites.

My tor client did not exhibit strange behavior during or after these error messages were displayed, but as some of the error messages appeared entirely in CAPS, I thought to post here. As I didn't retain the error messages, this post is vague - sorry! I am concerned. This is not to discourage others from visiting .onion sites, but to raise awareness about the possibility of rogue behavior on some .onion sites, most probably by anonymous users, not the .onion admins.

Should this concern me? What steps could be taken to safeguard the tor client from possible attacks, if any, from .onion websites?

More information about the tor-talk mailing list