1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[just in] half of tor sites compromised, including tormail

Discussion in 'Proxies' started by loclhero, Aug 4, 2013.

  1. loclhero

    loclhero Supreme Member

    Joined:
    Jun 11, 2007
    Messages:
    1,453
    Likes Received:
    2,413
    Gender:
    Male
    Location:
    Copperhead Road
    • Thanks Thanks x 4
  2. SEO20

    SEO20 Elite Member

    Joined:
    Mar 25, 2009
    Messages:
    2,017
    Likes Received:
    2,259
    Don't G and the other big guys already figured out if it's a proxy or not.
    They just don't mind for scraping and such?
     
  3. loclhero

    loclhero Supreme Member

    Joined:
    Jun 11, 2007
    Messages:
    1,453
    Likes Received:
    2,413
    Gender:
    Male
    Location:
    Copperhead Road
    The scariest part is this

    "A few days ago there were mass outages of Tor hidden services that predominantly effected Freedom Hosting websites.

    http://postimg.org/image/ltj1j1j6v/

    "Down for Maintenance
    Sorry, This server is currently offline for maintenance. Please try again in a few hours."

    If you saw this while browsing Tor you went to an onion hosted by Freedom Hosting. The javascript exploit was injected into your browser if you had javascript enabled.

    What the exploit does:

    The JavaScript zero-day exploit that creates a unique cookie and sends a request to a random server that basically fingerprints your browser in some way, which is probably then correlated somewhere else since the cookie doesn't get deleted. Presumably it reports the victim's IP back to the FBI."
     
  4. davids355

    davids355 Jr. VIP Jr. VIP Premium Member

    Joined:
    Apr 25, 2011
    Messages:
    8,783
    Likes Received:
    6,319
    Home Page:
    Wow I thought that was impossible.
     
  5. SEO20

    SEO20 Elite Member

    Joined:
    Mar 25, 2009
    Messages:
    2,017
    Likes Received:
    2,259
    Auuuuuuuuchhhhhhhhhhhhh
     
  6. JFoulds

    JFoulds Power Member

    Joined:
    Apr 22, 2011
    Messages:
    538
    Likes Received:
    480
    Occupation:
    Genius billionaire playboy philanthropist
    This has pretty much nothing at all to do with the security of the Tor network for anonymous browsing, and as far as I can see the 'half of Tor sites' is completely plucked from nowhere?
     
  7. bartosimpsonio

    bartosimpsonio Jr. VIP Jr. VIP Premium Member

    Joined:
    Mar 21, 2013
    Messages:
    8,844
    Likes Received:
    7,452
    Occupation:
    ZLinky2Buy SEO Services
    Location:
    ⇩⇩⇩⇩⇩⇩⇩⇩⇩⇩⇩⇩
    Home Page:
    All Tor traffic goes out through the SOCKS proxy, even if the JS infects the Tor bundle browser and it pings the police, it pings them via the SOCKS proxy and through the Tor circuit so the cops see the IP of the exit node.

    There's more to this story we're not being told, or more likely, whoever reported this has no idea how the exploit works.

    JS is not able to uncover your IP if you're using the Tor bundle. It would have to gain local access outside the browser sandbox.
     
  8. JFoulds

    JFoulds Power Member

    Joined:
    Apr 22, 2011
    Messages:
    538
    Likes Received:
    480
    Occupation:
    Genius billionaire playboy philanthropist
    Last time I checked, Tor was a proxy connection, not a VPN. If you exploit the browser and gain local access to their system you can certainly send HTTP traffic without touching Tor or the Tor network, unless you've got some pretty serious outbound traffic filtering tables on your network...

    Regardless, this is absolutely nothing to do with Tor being insecure, as I have said.
     
  9. loclhero

    loclhero Supreme Member

    Joined:
    Jun 11, 2007
    Messages:
    1,453
    Likes Received:
    2,413
    Gender:
    Male
    Location:
    Copperhead Road
    You guys know more about this stuff than me for sure. It just sounded bad so figured I'd throw it out there for y'all to see.
     
    • Thanks Thanks x 3
  10. bartosimpsonio

    bartosimpsonio Jr. VIP Jr. VIP Premium Member

    Joined:
    Mar 21, 2013
    Messages:
    8,844
    Likes Received:
    7,452
    Occupation:
    ZLinky2Buy SEO Services
    Location:
    ⇩⇩⇩⇩⇩⇩⇩⇩⇩⇩⇩⇩
    Home Page:
    Tor is not a HTTP proxy, it is a SOCKS proxy. It should capture all traffic to/from the web browser. Maybe they found a way to force the browser to bypass the proxy....

    Agree that this doesn't make Tor insecure, this is a specific exploit, not a flaw in how Tor works.
     
  11. bartosimpsonio

    bartosimpsonio Jr. VIP Jr. VIP Premium Member

    Joined:
    Mar 21, 2013
    Messages:
    8,844
    Likes Received:
    7,452
    Occupation:
    ZLinky2Buy SEO Services
    Location:
    ⇩⇩⇩⇩⇩⇩⇩⇩⇩⇩⇩⇩
    Home Page:
    It's a great share, this post. I just got caught up in the technical discussion because I honestly wonder how the exploit bypasses the SOCKS proxy.
     
  12. JFoulds

    JFoulds Power Member

    Joined:
    Apr 22, 2011
    Messages:
    538
    Likes Received:
    480
    Occupation:
    Genius billionaire playboy philanthropist
    The idea is that the exploit allows them to execute code remotely on the target system, not just within the target web browser. It's been said for years to turn off JavaScript and the like while browsing through Tor to retain total anonymity anyway, hopefully this will bring that to peoples attention :)

    EDIT: Yeah, to clarify, thanks to the OP for the share - I was speaking on a technical front rather than a journalistic one, it's definitely interesting stuff
     
    • Thanks Thanks x 2
  13. loclhero

    loclhero Supreme Member

    Joined:
    Jun 11, 2007
    Messages:
    1,453
    Likes Received:
    2,413
    Gender:
    Male
    Location:
    Copperhead Road
    Good point. My needs for proxies isn't like a lot of other BH'ers, at least not these days. But it took me some time before I realized that my ip could be leaked if i didn't disable javascript even while using any type of proxy. Hopefully people will remember that.
     
    • Thanks Thanks x 1
  14. The Scarlet Pimp

    The Scarlet Pimp Jr. VIP Jr. VIP Premium Member

    Joined:
    Apr 2, 2008
    Messages:
    788
    Likes Received:
    3,120
    Occupation:
    Chair moistener.
    Location:
    Cyberspace
    it is amazing how many people think they're invisible online.
     
    • Thanks Thanks x 1
  15. Lalalaenhund

    Lalalaenhund Power Member

    Joined:
    Sep 14, 2010
    Messages:
    737
    Likes Received:
    418
    Location:
    errywhere
    This is why they recommend you to disable javascript when using tor
     
  16. The Scarlet Pimp

    The Scarlet Pimp Jr. VIP Jr. VIP Premium Member

    Joined:
    Apr 2, 2008
    Messages:
    788
    Likes Received:
    3,120
    Occupation:
    Chair moistener.
    Location:
    Cyberspace