[tor-talk] Please suggest domain registrats that are Tor (and bitcoin) friendly.

Zenaan Harkness zen at freedbms.net
Mon Jun 13 01:01:36 UTC 2016


> Here's the point: in a VPS situation, you are, absolutely, at the mercy of
> the provider of the VPSes, and possibly to the providers of the data
> center.

And here's a topical article if you ain't seen it yet:
https://it.slashdot.org/story/16/06/11/1247240/bitdefender-finds-hypervisor-wiretap-for-reading-tls-encrypted-communications
"
Orome1 quotes a report from HelpNetSecurity:
Bitdefender has discovered that encrypted communications can be decrypted
in real-time using a technique that has virtually zero footprint and is
invisible to anyone except extremely careful security auditors. The
technique, dubbed TeLeScope, has been developed for research purposes and
proves that a third-party can eavesdrop on communications encrypted with
the Transport Layer Security (TLS) protocol between an end-user and a
virtualized instance of a server.

Bitdefender says the new technique "works to detect the creation of TLS
session keys in memory as the virtual machine is running." According to
HelpNetSecurity, this vulnerability "makes it possible for a malicious
cloud provider, or one pressured into giving access to three-letter
agencies, to recover the TLS keys used to encrypt every communication
session between virtualized servers and customers. CIOs who are
outsourcing their virtualized infrastructure to a third-party vendor
should assume that all of the information flowing between the business and
its customers has been decrypted and read for an undetermined amount of
time."
"


More information about the tor-talk mailing list