Softpedia reports that an interaction between Tor and HTTP Gzip compression can leak the local time zone of a server hosting Tor hidden services (archived). This allows investigators to substantially narrow down the geographic location of a Tor hidden service server.
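A check an operator can run against their own server's compressed responses, as an added example that is not part of the original post or the Softpedia report. It assumes the time zone leaks through the MTIME field of the gzip header (RFC 1952), a detail the summary above does not spell out; the function names and sample responses are constructed for illustration.

```python
import gzip
import struct
from email.utils import parsedate_to_datetime


def gzip_mtime(body: bytes) -> int:
    """Return the 32-bit MTIME field from a gzip member header (RFC 1952)."""
    if len(body) < 10 or body[:2] != b"\x1f\x8b" or body[2] != 8:
        raise ValueError("not a gzip/deflate stream")
    # Header layout: ID1 ID2 CM FLG MTIME(4 bytes, little-endian) XFL OS
    return struct.unpack_from("<I", body, 4)[0]


def audit(body: bytes, date_header: str) -> dict:
    """Classify what the gzip timestamp in a response discloses."""
    mtime = gzip_mtime(body)
    if mtime == 0:
        return {"status": "no-timestamp", "offset_minutes": None}
    sent = parsedate_to_datetime(date_header).timestamp()
    # Real zone offsets are multiples of 15 minutes; rounding absorbs
    # the few seconds between compression and the Date header.
    offset = round((mtime - sent) / 900) * 15
    status = "utc-timestamp" if offset == 0 else "zone-offset"
    return {"status": status, "offset_minutes": offset}


# Constructed sample responses (not captured from any real server).
DATE = "Sat, 20 Feb 2016 12:00:00 GMT"
_sent = int(parsedate_to_datetime(DATE).timestamp())
SAMPLES = {
    "mtime zeroed": gzip.compress(b"<html></html>", mtime=0),
    "mtime in UTC": gzip.compress(b"<html></html>", mtime=_sent - 1),
    "mtime in local time (UTC+1)": gzip.compress(b"<html></html>", mtime=_sent + 3600 - 2),
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name:30} {audit(body, DATE)}")
```

RFC 1952 defines an MTIME of zero as "no time stamp is available", so the first sample is the result to aim for.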
Who the hell sets a server to local political time, anyway??
Likely people who have not yet taken step 1 and realized their lives had become unmanageable.
This is vastly sensationalized, I expected Qntra to fall for it with their usual TOR hate though :(
Most servers don't send the time at all, while the rest send UTC. It seems to be an issue with Windows servers, and if you're running a hidden service on Windows you have other problems. The guy who found the "issue", a self-described "Agilist", is just your typical masturbating monkey fishing for attention.
Meanwhile, Qntra missed on a lot of security news:
http://www.hardocp.com/news/2016/02/20/hundreds_spotify_accounts_exposed_online/
http://it.slashdot.org/story/16/02/20/0455248/comodo-antivirus-tech-support-feature-lets-anyone-connect-to-your-pc
https://soylentnews.org/article.pl?sid=16/02/17/0142250
http://yro.slashdot.org/story/16/02/08/1610255/metel-hackers-roll-back-atm-transactions-steal-millions
http://it.slashdot.org/story/16/02/18/1626205/stealing-keys-from-a-laptop-in-another-room-and-offline
1. Fuck Spotify
2. Fuck Comodo
3. Needs more digging
4. largely eclipsed in lulz by http://qntra.net/2016/02/bitcointalk-default-trust-member-escrow-ms-arrested-for-debit-card-fraud/
5. Still being dug into, but stealing bits with antennas is not in itself novel.
Here with this time zone leak is a problem found in the wild that has concrete actionable remedies, so it is news.
> Claims Qntra missed on a lot of security news
> Leads with lolitem about hundreds of users of service nobody heard about.
What the fuck is that, random VC powered webshits trying to advertise or something?
FTR, the important part about the laptop story is that ECDSA IS WEAK.
But apparently not weak in a way that would let Hitler pocket the Satoshi hoard…
Chaining ftw eh.
What does that even mean? Does that mean that Qntra missed solving those problems? Do you really expect Qntra to report on everything, everywhere, all the time, for nothing? Monster ingratitude. On steroids.
You already have places to read what you want to read, obviously, why do you expect Qntra to duplicate other people's work? Logically, you do not want to read stories on Qntra that you can read elsewhere; quite apart from the fact that you have already read them once, you should want Qntra to be a unique resource with a unique position, whether you agree with it or not.
Really…
Not only are you only trying to straw-man me without actually replying to things that matter, you also missed that this "story" is found on every other shitty website, which is why I was disappointed to see it appear on Qntra, with the same level of technical ignorance I found with the other "journalists".
But no, you had to try to keep the circlejerk alive, at all costs. That's what truly matters.
So the response is that those other news are not important. Fine. But that's beside the point: this thing isn't either, and the title is misleading.
This is a worse circlejerk than reddit.
Define worse, circlejerk and reddit.