[tor-talk] Facebook brute forcing hidden services

Thomas White thomaswhite at riseup.net
Fri Oct 31 12:41:05 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

tl;dr You can now log into facebook via a Hidden Service.

- -T

On 31/10/2014 12:37, David Rajchenbach-Teller wrote:
> That article is extremely vague. Can someone explain exactly what 
> happened for someone like me who has very limited understanding of 
> Tor?
> 
> Thanks, David
> 
> On 31/10/14 13:23, Mike Cardwell wrote:
>> https://www.facebook.com/notes/protect-the-graph/making-connections-to-facebook-more-secure/1526085754298237
>>
>>
>>
>> 
So Facebook have managed to brute force a hidden service key for:
>> 
>> http://facebookcorewwwi.onion/
>> 
>> If they have the resources to do that, what's to stop them brute
>>  forcing a key for any other existing hidden service?
>> 
>> 
>> 
> 
> 
> 
> 

- -- 
Fingerprint: 9DB0 082F 8FE2 E691 DA2A 6D03 4DAE 4226 9EB0 EB0B
Fingerprint: FAA4 2253 AA4B 38D0 1BC4 085E F688 CEF6 F9BF D57F
OTR IRC: DF63021D 27973EAA 02FA4DF6 9E52C9E0 8821E0EF
OTR XMPP: 77DB65BC C417C4DD 19F9664D 83D6D3FB 6C3D3A0E

Twitter: https://twitter.com/CthulhuSec

Not familiar with PGP? Get started today:
http://www.bitcoinnotbombs.com/beginners-guide-to-pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQIcBAEBAgAGBQJUU4NgAAoJEE2uQiaesOsLTgQP/2yg+3CDeqecy0/laqdWEgYd
pjUUE27m9+f2RmyXgACHDNJyRMGs1mUQNjiSj/+FDUjWUpOMfhWlaaXavdadluYZ
2MI/I35broo5//Bmq4OM2SzEzy4Xmj+EAmGajXou9LdbxLA9l9TYMGIcN+Vdt3sc
6rZasOFf3oM2TYASnazkgnksvanXtJxXjR+JBJCX/D64a9ppCKkTvQNtdNF9UBzn
nDqauvfHwSdNJNoLz1fx6UL7oEgl0dlW2AdMw3olZTtaVV4YZKQh3rPQCXqhQngW
9jM1ckcaLGIf2O6taGAIgHt5YeefVbEkasFo1XIHhqfXBDtk9Y540Z+k+v7GvrFM
/2w8i3Mhsm9Yul320KPMnh/V2zN2NKEj1SnoJdJMajROxrJ6P01bmdOzrBMmzWj3
//5mnrJ8uABkyk/i4ATrMgxokCK2/A2KbP6hlfdq7vE37WUpzXptxvEj0H3Q9zjb
UDwIKIpelxieKJYSLuwXWwXeWTuAO1n9Y8i9O86X23Z8EpHWmjXEaaiTge2yEasC
oRZRq/LqKlnyI7bz5ToeGFmppuButytcee4lJzlEsLnd/7x+SHxjDRCzbJo9Dnoc
aAnNmMufgCjLTB+btXFHwJ2FTNf609ONP9ZuGbDlwLWumHakdnYyJWj1GrmmlJ7k
7oq5g8KsZXqrW75ObJgx
=+wmk
-----END PGP SIGNATURE-----


More information about the tor-talk mailing list