Short Bytes: Sarah Jamie Lewis is an independent security researcher who has devised a tool called OnionScan to locate the loopholes in dark web sites. This will allow system admins to find flaws in their websites and minimize the chance of the leakage of their server’s real IP address.
The dark web is meant for protecting the anonymity of the internet users. However, if one chooses to host his/her website on the same, it also provides the anonymity benefits to the website owners. Sadly, many website admins make the mistake while setting up their websites and allow the leakage of their server’s real IP address.
To solve this problem, a security researcher has devised a tool that scans the Tor hidden services and websites for vulnerabilities and issues. This means that if you are hosting a dark web site, you can make sure that your website is really protected.
Called OnionScan, this program checks websites for issues that may compromise your website’s security and unmask the servers and reveal their owners. This issues could be related to some open server status page or some metadata in the images of the website revealing the coordinates of the place where the picture was taken.
Sarah Jamie Lewis, the independent security researcher who came up with this tool, tells Motherboard, “I want anonymity tools to be the best; there are people whose lives depend on them.”
Work in Progress. Who would like an automated way to see how bad at anonymity your onion service is? pic.twitter.com/qCDs3laoiV
— Sarah Jamie Lewis (@SarahJamieLewis) April 5, 2016
She explains further by calling it pretty much same as any web security scanner specialized for deanonymization vectors. Lewis mentions that during her research earlier this year, she stumbled upon many flaws in hidden services and it inspired to devise OnionScan.
As a part of her research, Lewis started with the dark web markets. While some websites tried to follow security measures like two-factor authentication, many websites were failing to employ basic security features.
“If so may of those sites are failing themselves and their users, I am willing to bet so are anonymous political blogs and other users who desperately need the anonymity,” she says.
OnionScan’s first version will be released later this weekend. Stay tuned with fossBytes for further updates.