Silk Road forums

Discussion => Security => Topic started by: nothing on October 23, 2012, 02:24 pm

Title: Experiment with allowing scripts with Tor Browser Bundle
Post by: nothing on October 23, 2012, 02:24 pm
Hi, I wanted to do an experiment using the new Tor Browser Bundle  2.2.3 9-3 using a throw away computer as this computer is just used to test security flaws. 

I created a fresh install for the browser bundle and went to an unnamed sight that I had checked before using no scripts allowed and the sight looked highly like hackers.  So I decided to play their game, to test the security of the Tor Browser Bundle using a Windows OS.

Spending about 3 mins on the site allowed the hacker access to my computer, they probably dropped a keylogger for sure but likely some other infection type I haven't yet figured out but it is safe to say that that computer will be need to be cleaned or thrown away depending on the level of infection and type to the hardware.

It modified the Tor edit file and other things I have not yet figured out. 
 
Title: Re: Experiment with allowing scripts with Tor Browser Bundle
Post by: Nakorx on October 24, 2012, 12:15 am
Wow that sounds really interesting and a bit scary!! So you mean that allowing scripts to run let them plant something on the computer? I guess that why Javascript is normally disabled and why it has Noscripts installed.
Of coarse the real test would be to run it again with Noscripts enabled, or had you already done this?
Hope you keep us posted about any further findings.
Title: Re: Experiment with allowing scripts with Tor Browser Bundle
Post by: Moon Fried on October 24, 2012, 12:19 am
You sure you didn't accept any Java applet? Java drive-bys are standard now and gets everyone. Don't ever allow Java when a website asks if you're not 100% sure if it's safe.