Public IP Addresses of Tor Sites Exposed via SSL Certificates
Lawrence Abrams reports:
A security researcher has found a method that can be used to easily identify the public IP addresses of misconfigured dark web servers. While some feel that this researcher is attacking Tor or other similar networks, in reality he is exposing the pitfalls of not knowing how to properly configure a hidden service.
One of the main purposes of setting up a dark web web site on Tor is to make it difficult to identify the owner of the site. In order to properly anonymize a dark web site, though, the administrator must configure the web server properly so that it is only listens on localhost (127.0.0.1) and not on an IP address that is publicly exposed to the Internet.
Yonathan Klijnsma, a threat researcher lead for RiskIQ, has discovered that there are many Tor sites that utilize SSL certificates and also misconfigure a hidden service so that it is accessible via the Internet.
Read more on Bleeping Computer.