An anonymous reader writes from a report via Schneier on Security: Two researchers have discovered over 100 Tor nodes that are spying on hidden services. Cory Doctorow from Boing Boing reports: “These nodes — ordinary nodes, not exit nodes — sorted through all the traffic that passed through them, looking for anything bound for a hidden service, which allowed them to discover hidden services that had not been advertised. These nodes then attacked the hidden services by making connections to them and trying common exploits against the server-software running on them, seeking to compromise and take them over. The researchers used ‘honeypot’ .onion servers to find the spying computers: these honeypots were .onion sites that the researchers set up in their own lab and then connected to repeatedly over the Tor network, thus seeding many Tor nodes with the information of the honions’ existence. They didn’t advertise the honions’ existence in any other way and there was nothing of interest at these sites, and so when the sites logged new connections, the researchers could infer that they were being contacted by a system that had spied on one of their Tor network circuits. No one knows who is running the spying nodes: they could be run by criminals, governments, private suppliers of ‘infowar’ weapons to governments, independent researchers, or other scholars (though scholarly research would not normally include attempts to hack the servers once they were discovered).” The Tor project is aware of the attack and is working to redesign its system to try and block it. Security firm Bitdefender has issued an alert about a malicious app called EasyDoc that hands over control of Macs to criminals via Tor. Read more of this story at Slashdot.
Read this article:
Researchers Discover Over 100 Tor Nodes Designed To Spy On Hidden Services
An anonymous reader writes: Github’s transparency report for 2015 shows that the site received many DMCA notices that removed more than 8, 200 projects. “In 2015, we received significantly more takedown notices, and took down significantly more content, than we did in 2014, ” Github reports. For comparison, the company received only 258 DMCA notices in 2014, 17 of which responded with a counter-notice or retraction. In 2015, they received 505 takedown notices, 62 of which were the subject of counters or withdrawals. TorrentFreak reports: “Copyright holders are not limited to reporting one URL or location per DMCA notice. In fact, each notice filed can target tens, hundreds, or even thousands of allegedly infringing locations.” September was a particularly active month as it took down nearly 5, 834 projects. “Usually, the DMCA reports we receive are from people or organizations reporting a single potentially infringing repository. However, every now and then we receive a single notice asking us to take down many repositories, ” Github explains. They are called ‘Mass Removals’ when more than 100 repositories are asked to be removed. “In all, fewer than twenty individual notice senders requested removal of over 90% of the content GitHub took down in 2015.” Read more of this story at Slashdot. 