Half of all Tor sites compromised
-
http://www.twitlonger.com/show/n_1rlo0uu
So the FBI apparently hosted a javascript exploit on the TOR network that allows identification of so-called anonymous accounts, via javascript & cookie, possibly the most obvious and easy-to-block mechanism.
While the "anti-child-porn" banner they are flying is laudable, I doubt that kiddie diddlers are the only targeted group.
-
Why would anyone use same browser for tor sites and normal sites? Especially with stuff like https://www.torproject.org/projects/torbrowser.html.en
-
@scudsucker said:
http://www.twitlonger.com/show/n_1rlo0uu
All Tor traffic is compromised, given that the whole thing is an NSA project.
So the FBI apparently hosted a javascript exploit on the TOR network that allows identification of so-called anonymous accounts, via javascript & cookie, possibly the most obvious and easy-to-block mechanism.
While the "anti-child-porn" banner they are flying is laudable, I doubt that kiddie diddlers are the only targeted group.
-
@TDWTF123 said:
All Tor traffic is compromised, given that the whole thing is an NSA project.
Precisely. And when they found out that it wasn't growing fast enough, the NSA sent Snowden on a mission to suggest all normal internet traffic is monitored, in the hope of driving more people to TOR. Proof? Snowden has implicated almost all protocols, except TOR. Coincidence?
-
@Kikaimaru said:
Why would anyone use same browser for tor sites and normal sites? Especially with stuff like https://www.torproject.org/projects/torbrowser.html.en
Because the so-called "Tor Browser" is just Firefox with some minor configuration changes.And people are stupid.
-
@scudsucker said:
http://www.twitlonger.com/show/n_1rlo0uu
So the FBI apparently hosted a javascript exploit on
the TOR networka company that provides free shared hosting for Tor hidden-services that allows identification of so-called anonymous accounts, viajavascript & cookiea 0-day Firefox exploit, possibly the most obvious and easy-to-block mechanism.While the "anti-child-porn" banner they are flying is laudable, I doubt that kiddie diddlers are the only targeted group.
-
@Kikaimaru said:
Why would anyone use same browser for tor sites and normal sites? Especially with stuff like https://www.torproject.org/projects/torbrowser.html.en
I think that's the exact browser they targeted. It comes with Javascript enabled to make it more "user friendly" but apparently that wasn't a good idea.
-
@TDWTF123 said:
All Tor traffic is compromised, given that the whole thing is an NSA project.
Actually, it came from the US Navy (From http://en.wikipedia.org/wiki/Tor_(anonymity_network)#History).
-
@El_Heffe said:
@Kikaimaru said:
Why would anyone use same browser for tor sites and normal sites? Especially with stuff like https://www.torproject.org/projects/torbrowser.html.en
Because the so-called "Tor Browser" is just Firefox with some minor configuration changes.And people are stupid.
It seems to me that this allows a double-installation of your favorite browser. Which is useful, since we know that for multiple reasons all history may or may not get cleared when you hit Clear History -button. By using separate installations, you make sure that info (say, cookies) is not shared between "Tor" and "Other". And they're labeled differently too, just in case you forget which one is for which.
On another note, raise your hand if you did NOT check your installed browser version upon hearing of this. ...Blakey does not count!
-
@ShawnD said:
Actually, it came from the US Navy (From http://en.wikipedia.org/wiki/Tor_(anonymity_network)#History).
That's what THEY want you to think.
-
@ShawnD said:
I was joking. You can tell it's not the NSA because the cost's too small. Probably Mossad, really.@TDWTF123 said:
All Tor traffic is compromised, given that the whole thing is an NSA project.
Actually, it came from the US Navy (From http://en.wikipedia.org/wiki/Tor_(anonymity_network)#History).
-
And now Tor is advising people to not use Windows. Because a 0day vulnerability in Firefox is obviously Microsoft's fault, not Mozilla's.
Idiocy like this is what keeps me convinced that most open-source projects are run by gibbering retards.
-
@The_Assimilator said:
And now Tor is advising people to not use Windows. Because a 0day vulnerability in an old version of Firefox is obviously Microsoft's fault, not Mozilla's.
TRWTF - forking a branch of a project and failing to keep on top of security updates on the main branch.
-
@PJH said:
forking a branch of a project and failing to keep on top of security updates on the main branch.
I can't find anything that says Tor forked Firefox. They just appear to be using FF 17 as supplied by Mozilla and applying some customizations to it. @PJH said:Because a 0day vulnerability in an old version of Firefox is obviously Microsoft's fault, not Mozilla's
FF 17 is supposed to be their "Extended Service Release" -- it still gets updated even though it's old. And in fact Mozilla patched the Jasvascript exploit on June 25 and it appears that Tor immediately began putting the pathced version into their "Tor Browser Bundle".TRWTF is telling people not to use Windows because of all this.
-
@El_Heffe said:
TRWTF is telling people not to use Windows because of all this.
If you're a moron and you want security, don't use Windows.
Instead, unplug your computer.(Morons aren't very good at security.)
-
@Ben L. said:
@El_Heffe said:
TRWTF is telling people not to use Windows because of all this.
If you're a moron and you want security, don't use Windows.
Instead, unplug your computer.(Morons aren't very good at security.)
In the history of consumer operating systems, Windows 8 has the lowest number of zero-day exploits. There is a theory that it's because the people who code Windows don't have to spend half their time dealing with a broken source control mangler like Git.
-
@Ronald said:
In the history of consumer operating systems, Windows 8 has the lowest number of zero-day exploits.
Compared to what? All other OS's by 12 months after release? How many zero-day exploits did 3.11 have 12 months after its release? '98?
In fact how many zero-day has 3.11 had ever?
-
@PJH said:
@Ronald said:
In the history of consumer operating systems, Windows 8 has the lowest number of zero-day exploits.
Compared to what? All other OS's by 12 months after release? How many zero-day exploits did 3.11 have 12 months after its release? '98?
In fact how many zero-day has 3.11 had ever?Who cares about 3.11? Compared with O/S of the same period, Windows 8 has proven to be more secure. Even Windows 7 was a big step forward. Find something else than security to bash Windows (there are lots of choices).
-
@Ronald said:
Compared with O/S of the same period
Where have the goalposts gone? Ah - there they are...
-
@Ronald said:
Find something else than security to bash Windows
The Windows kernel is fine these days, security-wise. I'm not convinced that they've managed to purge all the problems with user-side code yet (particularly the “throw it over the wall” approach to the Open action). There have been some terrible decisions taken in the past, and the practices encouraged by those decisions are still ingrained in much third-party code, which MS hates to break for (understandable) business reasons. But at least things are a lot better than they used to be.