how to use Tor securely (Re: Silk Road founder arrested ...)

James A. Donald jamesd at echeque.com
Fri Oct 4 03:16:48 PDT 2013


On 2013-10-04 19:01, Adam Back wrote:
> But the jscript malware was installed via remote compromise onto the Tor
> hidden web server.  Being behind Tor does not particularly add any
> protection to your server, in terms of remote hacking.  Probably static
> content is safer in general even if it doesnt make flashy cursor hover 
> boxes
> and client-side form pre-validation.  Ie instal and turn on noscript - 
> 99%
> of jscript is of no particular use other than making your browser 
> blink and
> show animated ads ;)

Noscript prevents the client from being hacked.  You seem to be telling 
us that the Tor hidden web server was hacked by one of its clients, for 
which problem noscript is irrelevant.

Two security failures:  The feds were able to find the Tor hidden web 
server, and, having found it, there was information on the web server 
that should not have been there.

My understanding is that they found a bunch of Tor machines, installed 
malware by means of rubber hoses, and thus located the Silk Road hidden 
web server.



More information about the cypherpunks mailing list