Half of all Tor sites compromised, Freedom Hosting founder arrested. - page 2.

humanitee

hero member

Activity: 1302

Merit: 502

Quote from: Kazu on August 04, 2013, 09:43:33 PM

Forgive me if I'm being naiive, but this doesn't quite make sense to me?

So somehow freedom hosting was hacked, and the hacker put some malicious JS on each of freedom hosting's hosted websites, and used that hack to put software on freedom hosting's machine to ascertain its location. That part seems reasonable & believable. But, apparently the JS somehow got at the viewer's IP? That seems like, sorta a major bug in the Tor software? Couldn't any admin anywhere use that code to get at the viewer's IP, in theory? Unless I'm understanding something wrong?

EDIT: so the tor browser had some sort of a glitch that allowed malware to be downloaded to the computers, and then apparently ping one of the attacker's computers outside of tor to get the IP of the viewer?

Basically you can do that with Flash, Javascript, and a few other web languages.

Usually NoScript stops all these things in the browser bundle, but they don't have it enabled by default because it breaks a lot of sites and they are trying to capture more, less savvy users.

Kazu

full member

Activity: 168

Merit: 100

Forgive me if I'm being naiive, but this doesn't quite make sense to me?

So somehow freedom hosting was hacked, and the hacker put some malicious JS on each of freedom hosting's hosted websites, and used that hack to put software on freedom hosting's machine to ascertain its location. That part seems reasonable & believable. But, apparently the JS somehow got at the viewer's IP? That seems like, sorta a major bug in the Tor software? Couldn't any admin anywhere use that code to get at the viewer's IP, in theory? Unless I'm understanding something wrong?

EDIT: so the tor browser had some sort of a glitch that allowed malware to be downloaded to the computers, and then apparently ping one of the attacker's computers outside of tor to get the IP of the viewer?

DogtownHero

member

Activity: 70

Merit: 10

j-coin//just 4 cpu's

tor is neither anonymous, or secure. you're all a bunch of fucking idiots. its a NSA spying network, and you idiots keep taking the bait.

01BTC10

vip

Activity: 756

Merit: 503

Quote from: BitCoiner2012 on August 04, 2013, 09:22:59 PM

I am still a bit confused, are the users that were injected/infected the ones affected, or all users of the Tormail, IE the database and all data within it? I really can't derive this from the story. Both are important, but one is a lot more potent!

Quote

According to a Sunday blog post by the Tor Project's Executive Director, Andrew Lewman, the servers of Freedom Hosting were breached before the service went offline. "From what is known so far, the breach was used to configure the server in a way that it injects some sort of JavaScript exploit in the Web pages delivered to users," Lewman wrote. "This exploit is used to load a malware payload to infect user's computers.

They most likely dumped all databases if they could but didn't physically seized the servers since they don't know the exact location.

Quote

The servers themselves are likely run on a "bulletproof" hosting service in Romania or Russia; Irish law enforcement authorities told the court Friday that Marques had transferred large sums of money to accounts in Romania and had been investigating obtaining a visa to enter Russia.

http://arstechnica.com/tech-policy/2013/08/alleged-tor-hidden-service-operator-busted-for-child-porn-distribution

BitCoiner2012

sr. member

Activity: 364

Merit: 250

I am still a bit confused, are the users that were injected/infected the ones affected, or all users of the Tormail, IE the database and all data within it? I really can't derive this from the story. Both are important, but one is a lot more potent!

vokain

legendary

Activity: 1834

Merit: 1019

Quote from: 01BTC10 on August 04, 2013, 08:33:57 PM

Quote from: vokain on August 04, 2013, 08:28:49 PM

If i remember correctly there was a type of tormail you could use that did not use javascript when accessing your email

You had the choice between http://roundcube.net and http://squirrelmail.org

I think Squirelmail don't need JS.

you're right, that one didn't.

01BTC10

vip

Activity: 756

Merit: 503

Quote from: vokain on August 04, 2013, 08:28:49 PM

If i remember correctly there was a type of tormail you could use that did not use javascript when accessing your email

You had the choice between http://roundcube.net and http://squirrelmail.org

I think Squirelmail don't need JS.

vokain

legendary

Activity: 1834

Merit: 1019

If i remember correctly there was a type of tormail you could use that did not use javascript when accessing your email

ElectricMucus

legendary

Activity: 1666

Merit: 1057

Marketing manager - GO MP

Time to come up with a more hardened alternative to tor. The problem is that on a hidden service the content is accessible in clear text at the physical location. With 3rd party hosting the cloud should run on a shared virtual machine where information is encrypted at all points. This might be possible to do even with tor, or not.
There is supposedly this thing: https://github.com/Miserlou/OnionCloud

But I get the feeling that's not enough.

01BTC10

vip

Activity: 756

Merit: 503

Tor was not compromised. Only the servers hosting half of the hidden service and users browser if JS was not disabled.

fr33d0miz3r

hero member

Activity: 518

Merit: 500

Quote from: adamstgBit on August 04, 2013, 07:42:53 PM

dencentralized domain name service .bit

you mean .adamstgBit ?

Seriuosly, domain names .onion are not affected. There are problems with hosting service.
Namecoin can't resolve problems with hostings, JS exploits, etc.

humanitee

hero member

Activity: 1302

Merit: 502

Quote from: adamstgBit on August 04, 2013, 07:42:53 PM

dencentralized domain name service .bit

I wish it were that easy. Tor != namecoin

adamstgBit

legendary

Activity: 1904

Merit: 1037

Trusted Bitcoiner

Quote from: fr33d0miz3r on August 04, 2013, 07:40:04 PM

Quote from: adamstgBit on August 04, 2013, 07:39:02 PM

Time to buy NameCoin Huh

why? namecoin is not a hosting.

dencentralized domain name service .bit

fr33d0miz3r

hero member

Activity: 518

Merit: 500

Quote from: adamstgBit on August 04, 2013, 07:39:02 PM

Time to buy NameCoin Huh

why? namecoin is not a hosting.

adamstgBit

legendary

Activity: 1904

Merit: 1037

Trusted Bitcoiner

Time to buy NameCoin Huh

cedivad

legendary

Activity: 1176

Merit: 1001

Most interesting reading in a while, thanks.

crumbs

full member

Activity: 210

Merit: 100

Quote from: 01BTC10 on August 04, 2013, 07:20:50 PM

Quote from: crumbs on August 04, 2013, 07:20:12 PM

Quote from: humanitee on August 04, 2013, 06:53:11 PM

All users would have been safe if they would have disabled javascript. God damn noobs.

As far as i know, both win & nix bundles (noob-friendliest) come witbyh *everything* disabled in default config.

Not JS.

https://www.torproject.org/docs/faq.html.en#TBBJavaScriptEnabled

Whoops--sorry, you're right.
/off to check the the box Angry

Edit: lol, everything was disabled but i obviously should crime more -- older version of ff.

fr33d0miz3r

hero member

Activity: 518

Merit: 500

https://blog.torproject.org/blog/hidden-services-current-events-and-freedom-hosting

Quote

From what is known so far, the breach was used to configure the server in a way that it injects some sort of javascript exploit in the web pages delivered to users. This exploit is used to load a malware payload to infect user's computers. The malware payload could be trying to exploit potential bugs in Firefox 17 ESR, on which our Tor Browser is based. We're investigating these bugs and will fix
them if we can.

01BTC10

vip

Activity: 756

Merit: 503

Quote from: crumbs on August 04, 2013, 07:20:12 PM

Quote from: humanitee on August 04, 2013, 06:53:11 PM

All users would have been safe if they would have disabled javascript. God damn noobs.

As far as i know, both win & nix bundles (noob-friendliest) come witbyh *everything* disabled in default config.

Not JS.

https://www.torproject.org/docs/faq.html.en#TBBJavaScriptEnabled

crumbs

full member

Activity: 210

Merit: 100

Quote from: humanitee on August 04, 2013, 06:53:11 PM

All users would have been safe if they would have disabled javascript. God damn noobs.

As far as i know, both win & nix bundles (noob-friendliest) come witbyh *everything* disabled in default config.

Topic: Half of all Tor sites compromised, Freedom Hosting founder arrested. - page 2. (Read 5099 times)