OnionScan Tests The Anonymity Of Dark Net Domains

Security researcher Sarah Jamie Lewis developed and released a software called ”OnionScan”, which ”lets you scan it automatically for common vulnerabilities and errors that can de-anonymize the owner or users.”

When Lewis first discovered the dark web, she started looking at the current dark net markets and found out that most of these websites are quite vulnerable. However, the point of these domains should be to provide anonymity to the buyers and sellers at the market, as well as to the admins. While hidden services are not vulnerable at many points that normal (clearnet) domains are, they still have much to improve. According to Lewis, the most common mistakes are made by operators of the dark net markets. Lewis calls attention to frequent misconfigurations in the servers that leave important administrator pages accessible. This can reveal the tools used to build a site, as well as other services run by the same party. Also a common issue to see images that have not been stripped of EXIF data, which can include the device they were taken with and even the location they were taken. Abusing these bugs or mistakes, someone can easily identify the owner of the hidden

Read more ... source: TheBitcoinNews