[tor-talk] Hidden service security w. Apache/Win32

proper at tormail.net proper at tormail.net
Sun Feb 19 19:37:36 UTC 2012


> Is the time sync spoofing even applicable to hidden services?
> How can the MS time server tampering with the exit nodes be applicable to
> hidden services?

It has nothing to do directly with Apache or the hidden service.

For correct operation Tor needs the correct time and date. Windows will
request the time from Microsoft servers, and I am not sure if this
request is safe (authenticated) - if not, an evil exit node can spoof the
reply.

And when Tor isn't working properly, your hidden service is also in danger.

> 2. Exposing the currently running username, computername or even product
> ID of the Windows installation. I can't see how it could happen.

When Windows does its Windows Update, the serial number will be sent to
Microsoft. Microsoft will see the IP of the exit node (the same one which
you would see on whatismyip.com). Let's suppose you bought the serial
number from Microsoft; then they can connect the serial and the exit node IP.

Microsoft is likely to cooperate with law enforcement and people working
there could be bribed. This proves you are using Tor (which you wanted to
hide, by tunneling Tor through VPN first).

I have to admit, it's not easy to construct an attack that uses that
information for deanonymization, and it would sound quite paranoid, but it's
about hidden services, so paranoia cannot hurt; it's a good security
precaution to avoid such things.

> But what about other virtualization products like Virtualbox?

It can happen to any virtualization product.


