Raoul Duke
aka psy
Legendary
Offline
Activity: 1358
Merit: 1002
|
|
June 22, 2012, 02:14:18 PM |
|
And that BS about Gmail was retarded, they don't index or publish your mail, they just scan it for keywords to provide relevant advertising.
That and stalk teenagers... Keep drinking the koolaid.
|
|
|
|
rjk
Sr. Member
Offline
Activity: 448
Merit: 250
1ngldh
|
|
June 22, 2012, 02:14:53 PM |
|
And that BS about Gmail was retarded, they don't index or publish your mail, they just scan it for keywords to provide relevant advertising.
That and stalk teenagers... Keep drinking the koolaid.
Yeah that too lol. I forgot about that one.
|
|
|
|
TORwallet (OP)
Newbie
Offline
Activity: 41
Merit: 0
|
|
June 22, 2012, 08:34:40 PM |
|
It is impossible for google or anyone else to find the link to a TORwallet unless it has been posted somewhere. Those instawallet links were most likely indexed by google visiting instawallet.org and being redirected to a new wallet.
We are working on adding an optional password field to the site. We are waiting for our developer to get back from vacation.
|
|
|
|
jl2012
Legendary
Offline
Activity: 1792
Merit: 1111
|
|
June 25, 2012, 03:43:00 AM |
|
Although you do not have a wallet on torwallet.net, hacking of torwallet.net will expose the secret code, and thus the balance of the accounts of those who use torwallet.net.
It is impossible for google or anyone else to find the link to a TORwallet unless it has been posted somewhere. Those instawallet links were most likely indexed by google visiting instawallet.org and being redirected to a new wallet.
We are working on adding an optional password field to the site. We are waiting for our developer to get back from vacation.
|
Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3 (Bitcoin ONLY) LRDGENPLYrcTRssGoZrsCT1hngaH3BVkM4 (LTC) PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
|
|
|
Gladamas
Sr. Member
Offline
Activity: 294
Merit: 250
Bitcoin today is what the internet was in 1998.
|
|
June 25, 2012, 04:08:39 AM |
|
Although you do not have a wallet on torwallet.net, hacking of torwallet.net will expose the secret code, and thus the balance of the accounts of those who use torwallet.net.
It is impossible for google or anyone else to find the link to a TORwallet unless it has been posted somewhere. Those instawallet links were most likely indexed by google visiting instawallet.org and being redirected to a new wallet.
We are working on adding an optional password field to the site. We are waiting for our developer to get back from vacation.
Can't they encrypt the code?
|
|
|
|
davout
Legendary
Offline
Activity: 1372
Merit: 1007
1davout
|
|
June 25, 2012, 09:20:54 AM |
|
Although you do not have a wallet on torwallet.net, hacking of torwallet.net will expose the secret code, and thus the balance of the accounts of those who use torwallet.net.
badum-tssss
|
|
|
|
rjk
Sr. Member
Offline
Activity: 448
Merit: 250
1ngldh
|
|
June 25, 2012, 02:27:01 PM |
|
Although you do not have a wallet on torwallet.net, hacking of torwallet.net will expose the secret code, and thus the balance of the accounts of those who use torwallet.net.
badum-tssss
Same goes for your service, just depends on who gets hacked first.
|
|
|
|
davout
Legendary
Offline
Activity: 1372
Merit: 1007
1davout
|
|
June 25, 2012, 09:16:05 PM |
|
Although you do not have a wallet on torwallet.net, hacking of torwallet.net will expose the secret code, and thus the balance of the accounts of those who use torwallet.net.
badum-tssss
Same goes for your service, just depends on who gets hacked first.
http://xkcd.com/703/
|
|
|
|
TORwallet (OP)
Newbie
Offline
Activity: 41
Merit: 0
|
|
June 25, 2012, 09:35:33 PM |
|
Although you do not have a wallet on torwallet.net, hacking of torwallet.net will expose the secret code, and thus the balance of the accounts of those who use torwallet.net.
It is impossible for google or anyone else to find the link to a TORwallet unless it has been posted somewhere. Those instawallet links were most likely indexed by google visiting instawallet.org and being redirected to a new wallet.
We are working on adding an optional password field to the site. We are waiting for our developer to get back from vacation.
Hacking of torwallet.net will expose absolutely nothing. https://torwallet.net is nothing more than a proxy, and actually has more in common with a port forward in your router. It doesn't even understand http and does nothing more than pipe data through tor. In fact, here is the command we use.
socat openssl-listen:443,fork,reuseaddr,su=nobody socks4a:127.0.0.1:nci2szjrwjqw2zbi.onion:80,socksport=9050
Hacking of nci2szjrwjqw2zbi.onion would reveal current balances, however the attack surface is limited to a single port.
|
|
|
|
jl2012
Legendary
Offline
Activity: 1792
Merit: 1111
|
|
June 27, 2012, 05:03:04 AM |
|
Although you do not have a wallet on torwallet.net, hacking of torwallet.net will expose the secret code, and thus the balance of the accounts of those who use torwallet.net.
It is impossible for google or anyone else to find the link to a TORwallet unless it has been posted somewhere. Those instawallet links were most likely indexed by google visiting instawallet.org and being redirected to a new wallet.
We are working on adding an optional password field to the site. We are waiting for our developer to get back from vacation.
Hacking of torwallet.net will expose absolutely nothing. https://torwallet.net is nothing more than a proxy, and actually has more in common with a port forward in your router. It doesn't even understand http and does nothing more than pipe data through tor. In fact, here is the command we use.
socat openssl-listen:443,fork,reuseaddr,su=nobody socks4a:127.0.0.1:nci2szjrwjqw2zbi.onion:80,socksport=9050
Hacking of nci2szjrwjqw2zbi.onion would reveal current balances, however the attack surface is limited to a single port.
Just for example, I have the following wallet: https://www.torwallet.net/w/c85f0c2c5347caf6b302cebabed0e93c3ce023d6739b1e502128cbaa7042eddb
Therefore, anyone who knows the code "c85f0c2c53.............." can redeem all coins in my wallet. A hacker can obtain the private key of torwallet.net's certificate, and he will learn the code "c85f0c2c53.............."
|
|
|
|
rjk
Sr. Member
Offline
Activity: 448
Merit: 250
1ngldh
|
|
June 27, 2012, 01:10:14 PM |
|
Although you do not have a wallet on torwallet.net, hacking of torwallet.net will expose the secret code, and thus the balance of the accounts of those who use torwallet.net.
It is impossible for google or anyone else to find the link to a TORwallet unless it has been posted somewhere. Those instawallet links were most likely indexed by google visiting instawallet.org and being redirected to a new wallet.
We are working on adding an optional password field to the site. We are waiting for our developer to get back from vacation.
Hacking of torwallet.net will expose absolutely nothing. https://torwallet.net is nothing more than a proxy, and actually has more in common with a port forward in your router. It doesn't even understand http and does nothing more than pipe data through tor. In fact, here is the command we use.
socat openssl-listen:443,fork,reuseaddr,su=nobody socks4a:127.0.0.1:nci2szjrwjqw2zbi.onion:80,socksport=9050
Hacking of nci2szjrwjqw2zbi.onion would reveal current balances, however the attack surface is limited to a single port.
Just for example, I have the following wallet: https://www.torwallet.net/w/c85f0c2c5347caf6b302cebabed0e93c3ce023d6739b1e502128cbaa7042eddb
Therefore, anyone who knows the code "c85f0c2c53.............." can redeem all coins in my wallet. A hacker can obtain the private key of torwallet.net's certificate, and he will learn the code "c85f0c2c53.............."
However, he cannot obtain the private key by hacking torwallet.net. He can only obtain it by hacking the onion site itself. That socat tool is pretty damn cool; I've added it to my arsenal. Most .onion sites don't bother having SSL enabled because Tor provides encryption... but for external access, this is a perfect example of how to use it.
|
|
|
|
jl2012
Legendary
Offline
Activity: 1792
Merit: 1111
|
|
June 27, 2012, 03:49:24 PM |
|
Although you do not have a wallet on torwallet.net, hacking of torwallet.net will expose the secret code, and thus the balance of the accounts of those who use torwallet.net.
It is impossible for google or anyone else to find the link to a TORwallet unless it has been posted somewhere. Those instawallet links were most likely indexed by google visiting instawallet.org and being redirected to a new wallet.
We are working on adding an optional password field to the site. We are waiting for our developer to get back from vacation.
Hacking of torwallet.net will expose absolutely nothing. https://torwallet.net is nothing more than a proxy, and actually has more in common with a port forward in your router. It doesn't even understand http and does nothing more than pipe data through tor. In fact, here is the command we use.
socat openssl-listen:443,fork,reuseaddr,su=nobody socks4a:127.0.0.1:nci2szjrwjqw2zbi.onion:80,socksport=9050
Hacking of nci2szjrwjqw2zbi.onion would reveal current balances, however the attack surface is limited to a single port.
Just for example, I have the following wallet: https://www.torwallet.net/w/c85f0c2c5347caf6b302cebabed0e93c3ce023d6739b1e502128cbaa7042eddb
Therefore, anyone who knows the code "c85f0c2c53.............." can redeem all coins in my wallet. A hacker can obtain the private key of torwallet.net's certificate, and he will learn the code "c85f0c2c53.............."
However, he cannot obtain the private key by hacking torwallet.net. He can only obtain it by hacking the onion site itself. That socat tool is pretty damn cool; I've added it to my arsenal. Most .onion sites don't bother having SSL enabled because Tor provides encryption... but for external access, this is a perfect example of how to use it.
The hacker doesn't need the wallet private key to withdraw BTC. Only the secret codes are needed.
|
|
|
|
rjk
Sr. Member
Offline
Activity: 448
Merit: 250
1ngldh
|
|
June 27, 2012, 03:52:37 PM |
|
However, he cannot obtain the private key by hacking torwallet.net. He can only obtain it by hacking the onion site itself. That socat tool is pretty damn cool; I've added it to my arsenal.
Most .onion sites don't bother having SSL enabled because Tor provides encryption... but for external access, this is a perfect example of how to use it.
The hacker doesn't need the wallet private key to withdraw BTC. Only the secret codes are needed.
That's correct, however URL query strings are encrypted when using SSL, so they can't be sniffed. If someone tried to MITM after compromising Torwallet.net, the SSL certificate would have a different fingerprint and it would be detected as an error, since you have created a special exemption in your browser for that specific fingerprint.
|
|
|
|
jl2012
Legendary
Offline
Activity: 1792
Merit: 1111
|
|
June 27, 2012, 04:40:05 PM |
|
However, he cannot obtain the private key by hacking torwallet.net. He can only obtain it by hacking the onion site itself. That socat tool is pretty damn cool; I've added it to my arsenal.
Most .onion sites don't bother having SSL enabled because Tor provides encryption... but for external access, this is a perfect example of how to use it.
The hacker doesn't need the wallet private key to withdraw BTC. Only the secret codes are needed.
That's correct, however URL query strings are encrypted when using SSL, so they can't be sniffed. If someone tried to MITM after compromising Torwallet.net, the SSL certificate would have a different fingerprint and it would be detected as an error, since you have created a special exemption in your browser for that specific fingerprint.
On the torwallet.net page it claims "Seizing or hacking this server will have no effect on TORwallet's services and gain you no bitcoins, only our wrath", but this is wrong. If the torwallet.net server is hacked, the private key of the SSL certificate is exposed, and the hacker will know the URL query strings.
|
|
|
|
rjk
Sr. Member
Offline
Activity: 448
Merit: 250
1ngldh
|
|
June 27, 2012, 04:57:54 PM |
|
However, he cannot obtain the private key by hacking torwallet.net. He can only obtain it by hacking the onion site itself. That socat tool is pretty damn cool; I've added it to my arsenal.
Most .onion sites don't bother having SSL enabled because Tor provides encryption... but for external access, this is a perfect example of how to use it.
The hacker doesn't need the wallet private key to withdraw BTC. Only the secret codes are needed.
That's correct, however URL query strings are encrypted when using SSL, so they can't be sniffed. If someone tried to MITM after compromising Torwallet.net, the SSL certificate would have a different fingerprint and it would be detected as an error, since you have created a special exemption in your browser for that specific fingerprint.
On the torwallet.net page it claims "Seizing or hacking this server will have no effect on TORwallet's services and gain you no bitcoins, only our wrath", but this is wrong. If the torwallet.net server is hacked, the private key of the SSL certificate is exposed, and the hacker will know the URL query strings.
That is not correct. Torwallet.net does not contain any private keys, and it is a separate server from the .onion site. They are not hosted on the same server. Not sure what's so hard to understand about that.
|
|
|
|
jl2012
Legendary
Offline
Activity: 1792
Merit: 1111
|
|
June 27, 2012, 05:07:13 PM |
|
However, he cannot obtain the private key by hacking torwallet.net. He can only obtain it by hacking the onion site itself. That socat tool is pretty damn cool; I've added it to my arsenal.
Most .onion sites don't bother having SSL enabled because Tor provides encryption... but for external access, this is a perfect example of how to use it.
The hacker doesn't need the wallet private key to withdraw BTC. Only the secret codes are needed.
That's correct, however URL query strings are encrypted when using SSL, so they can't be sniffed. If someone tried to MITM after compromising Torwallet.net, the SSL certificate would have a different fingerprint and it would be detected as an error, since you have created a special exemption in your browser for that specific fingerprint.
On the torwallet.net page it claims "Seizing or hacking this server will have no effect on TORwallet's services and gain you no bitcoins, only our wrath", but this is wrong. If the torwallet.net server is hacked, the private key of the SSL certificate is exposed, and the hacker will know the URL query strings.
That is not correct. Torwallet.net does not contain any private keys, and it is a separate server from the .onion site. They are not hosted on the same server. Not sure what's so hard to understand about that.
I mean private key of the SSL certificate, not private key of BTC accounts. Not sure what's so hard to understand about that......
|
|
|
|
rjk
Sr. Member
Offline
Activity: 448
Merit: 250
1ngldh
|
|
June 27, 2012, 05:09:14 PM |
|
However, he cannot obtain the private key by hacking torwallet.net. He can only obtain it by hacking the onion site itself. That socat tool is pretty damn cool; I've added it to my arsenal.
Most .onion sites don't bother having SSL enabled because Tor provides encryption... but for external access, this is a perfect example of how to use it.
The hacker doesn't need the wallet private key to withdraw BTC. Only the secret codes are needed.
That's correct, however URL query strings are encrypted when using SSL, so they can't be sniffed. If someone tried to MITM after compromising Torwallet.net, the SSL certificate would have a different fingerprint and it would be detected as an error, since you have created a special exemption in your browser for that specific fingerprint.
On the torwallet.net page it claims "Seizing or hacking this server will have no effect on TORwallet's services and gain you no bitcoins, only our wrath", but this is wrong. If the torwallet.net server is hacked, the private key of the SSL certificate is exposed, and the hacker will know the URL query strings.
That is not correct. Torwallet.net does not contain any private keys, and it is a separate server from the .onion site. They are not hosted on the same server. Not sure what's so hard to understand about that.
I mean private key of the SSL certificate, not private key of BTC accounts. Not sure what's so hard to understand about that......
I know you meant that, and you are incorrect. The private key of the SSL certificate is stored on the .onion site, not on the torwallet.net server. Perhaps you should look closer at how socat works: it has the option to serve up its own certificate, but that is not in use here. It is simply concatenating data between ports 443 and 9050, in both directions.
|
|
|
|
jl2012
Legendary
Offline
Activity: 1792
Merit: 1111
|
|
June 27, 2012, 05:14:18 PM |
|
However, he cannot obtain the private key by hacking torwallet.net. He can only obtain it by hacking the onion site itself. That socat tool is pretty damn cool; I've added it to my arsenal.
Most .onion sites don't bother having SSL enabled because Tor provides encryption... but for external access, this is a perfect example of how to use it.
The hacker doesn't need the wallet private key to withdraw BTC. Only the secret codes are needed.
That's correct, however URL query strings are encrypted when using SSL, so they can't be sniffed. If someone tried to MITM after compromising Torwallet.net, the SSL certificate would have a different fingerprint and it would be detected as an error, since you have created a special exemption in your browser for that specific fingerprint.
On the torwallet.net page it claims "Seizing or hacking this server will have no effect on TORwallet's services and gain you no bitcoins, only our wrath", but this is wrong. If the torwallet.net server is hacked, the private key of the SSL certificate is exposed, and the hacker will know the URL query strings.
That is not correct. Torwallet.net does not contain any private keys, and it is a separate server from the .onion site. They are not hosted on the same server. Not sure what's so hard to understand about that.
I mean private key of the SSL certificate, not private key of BTC accounts. Not sure what's so hard to understand about that......
I know you meant that, and you are incorrect. The private key of the SSL certificate is stored on the .onion site, not on the torwallet.net server. Perhaps you should look closer at how socat works: it has the option to serve up its own certificate, but that is not in use here. It is simply concatenating data between ports 443 and 9050, in both directions.
I mean the private key of the SSL certificate of torwallet.net, not the SSL certificate of the .onion site ......
|
|
|
|
rjk
Sr. Member
Offline
Activity: 448
Merit: 250
1ngldh
|
|
June 27, 2012, 05:16:33 PM |
|
I know you meant that, and you are incorrect. The private key of the SSL certificate is stored on the .onion site, not on the torwallet.net server. Perhaps you should look closer at how socat works: it has the option to serve up its own certificate, but that is not in use here. It is simply concatenating data between ports 443 and 9050, in both directions.
I mean the private key of the SSL certificate of torwallet.net, not the SSL certificate of the .onion site ......
The SSL private key for torwallet.net is stored on the .onion server, and the .onion server does all the encryption and decryption. That's why it's a little slow; all the traffic must pass through tor first to get to and from the remote .onion server. Torwallet.net does not have a private key of its own stored on it or in use for it.
|
|
|
|
jl2012
Legendary
Offline
Activity: 1792
Merit: 1111
|
|
June 27, 2012, 05:22:32 PM |
|
I know you meant that, and you are incorrect. The private key of the SSL certificate is stored on the .onion site, not on the torwallet.net server. Perhaps you should look closer at how socat works: it has the option to serve up its own certificate, but that is not in use here. It is simply concatenating data between ports 443 and 9050, in both directions.
I mean the private key of the SSL certificate of torwallet.net, not the SSL certificate of the .onion site ......
The SSL private key for torwallet.net is stored on the .onion server, and the .onion server does all the encryption and decryption. That's why it's a little slow; all the traffic must pass through tor first to get to and from the remote .onion server. Torwallet.net does not have a private key of its own stored on it or in use for it.
Oh sorry, I didn't know this was possible! Thank you!
|
|
|
|
|
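Added example, not written by any participant in this thread: the exchange above turns on which host holds the TLS private key, and for a socat relay that follows from the listener address type. In socat, `openssl-listen` makes socat itself the TLS server (so the certificate key and the decrypted request, URL path included, exist on that host), while `tcp-listen` forwards bytes untouched. The sketch below classifies a command on that basis; `audit_relay`, the result field names and the `example.onion` passthrough command are assumptions made for illustration.

```python
import shlex

# socat address types, lower-cased. The OPENSSL-LISTEN family makes socat the
# TLS server; the TCP-LISTEN family relays bytes without interpreting them.
TLS_LISTEN = {"openssl-listen", "ssl-l"}
RAW_LISTEN = {"tcp-listen", "tcp-l", "tcp4-listen", "tcp6-listen"}

# Command quoted in the thread.
PAGE_COMMAND = ("socat openssl-listen:443,fork,reuseaddr,su=nobody "
                "socks4a:127.0.0.1:nci2szjrwjqw2zbi.onion:80,socksport=9050")
# Constructed for comparison (placeholder onion name): TLS passes through
# the relay and is terminated by the hidden service instead.
PASSTHROUGH_COMMAND = ("socat tcp-listen:443,fork,reuseaddr,su=nobody "
                       "socks4a:127.0.0.1:example.onion:443,socksport=9050")


def parse_address(spec):
    """Split one socat address 'type:p1:p2,opt,opt=val' into its parts."""
    head, *opts = spec.split(",")
    kind, *params = head.split(":")
    options = {}
    for opt in opts:
        name, _, value = opt.partition("=")
        options[name.lower()] = value
    return kind.lower(), params, options


def audit_relay(command):
    """Report where TLS ends for a two-address socat relay command.

    Simplification: global socat flags that take a value are not handled.
    """
    argv = shlex.split(command)
    if argv and argv[0].endswith("socat"):
        argv = argv[1:]
    addresses = [a for a in argv if not a.startswith("-")]
    if len(addresses) != 2:
        raise ValueError("expected exactly two socat addresses")
    l_kind, l_params, l_opts = parse_address(addresses[0])
    u_kind, u_params, _ = parse_address(addresses[1])
    if l_kind in TLS_LISTEN:
        terminates = True
    elif l_kind in RAW_LISTEN:
        terminates = False
    else:
        raise ValueError("unrecognised listener type: " + l_kind)
    return {
        "listen_port": l_params[0] if l_params else None,
        # True: the relay host decrypts traffic and must hold the TLS key.
        "tls_terminates_on_relay": terminates,
        # Whether the quoted command names key material (cert= / key=).
        "key_option_shown": terminates and ("cert" in l_opts or "key" in l_opts),
        "runs_as": l_opts.get("su"),
        "upstream_type": u_kind,
        "upstream_target": ":".join(u_params[-2:]),
    }


if __name__ == "__main__":
    for cmd in (PAGE_COMMAND, PASSTHROUGH_COMMAND):
        print(audit_relay(cmd))
```

When `tls_terminates_on_relay` is true but `key_option_shown` is false, the command as quoted does not say where the certificate and key come from, which is the detail to confirm before relying on a claim that the relay holds no secrets.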