Public IP Addresses of Tor Sites Exposed via SSL Certificates

Discussion in 'privacy problems' started by guest, Sep 4, 2018.

  1. guest

    guest Guest

    Public IP Addresses of Tor Sites Exposed via SSL Certificates
    September 4, 2018
    https://www.bleepingcomputer.com/ne...es-of-tor-sites-exposed-via-ssl-certificates/
     
    guest, Sep 4, 2018
    #1
  2. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    In order to protect a site from being exposed in this manner, it's quite simple according to the researcher. "They should only listen on 127.0.0.1."

    Better yet, they should only listen unix socket if running under Linux...
     
    Stefan Froberg, Sep 4, 2018
    #2
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Yeah, this is one of the ways that SR1 got pwned. Apache error messages on 0.0.0.0 :( Gotta watch out for that 0.0.0.0 (aka every available interface) binding! It's all too common as default. Because, you know, it just works :(
     
    mirimir, Sep 4, 2018
    #3
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...