Silk Road forums

Discussion => Security => Topic started by: TBBSecurity on May 03, 2012, 02:43 pm

Title: Tor Browser Bundle Security Leak
Post by: TBBSecurity on May 03, 2012, 02:43 pm
https://blog.torproject.org/blog/firefox-security-bug-proxy-bypass-current-tbbs


You've all been querying local DNS if you have the newest Tor Browser Bundle.  Link to report of the leak, and how to fix.  Have fun with all that information you've leaked.  Thanks Tor!
Title: Re: Tor Browser Bundle Security Leak
Post by: tomorrowman on May 03, 2012, 03:15 pm
welcome back eee, we missed our resident cunt.
Title: Re: Tor Browser Bundle Security Leak
Post by: TBBSecurity on May 03, 2012, 03:22 pm
o/ Tony, glad to see you're still around as well.  Have fun attempting to move those 60k bitcoins.
Title: Re: Tor Browser Bundle Security Leak
Post by: tomorrowman on May 03, 2012, 03:52 pm
god you are retarded. you are either a very very bitter little man or a very very bitter cop trying to frighten everyone. it wont work douchebag.
Title: Re: Tor Browser Bundle Security Leak
Post by: Mixer on May 03, 2012, 05:31 pm
https://blog.torproject.org/blog/firefox-security-bug-proxy-bypass-current-tbbs


You've all been querying local DNS if you have the newest Tor Browser Bundle.  Link to report of the leak, and how to fix.  Have fun with all that information you've leaked.  Thanks Tor!

And so? The leaked information is just the DNS resolve queries. Oh my god, I asked my local DNS to resolve an hostname! Those server get thousands of requests every day, I don't know what you are worring about... SR doesn't use websockets, so your DNS won't see you trying to resolve the .onion address. This may be a problem only in censored countries, but I'm not sure trying to resolve a censored hostname is illegal.
Title: Re: Tor Browser Bundle Security Leak
Post by: twon on May 03, 2012, 06:27 pm
this is only a problem if you are running scripts, which i assume anyone on here is not doing.
Title: Re: Tor Browser Bundle Security Leak
Post by: kmfkewm on May 04, 2012, 12:31 am
Isolation of web browser FTW. Prevents all potential leaks. I can run flash , java, javascript, use applications that leak DNS in fifty different ways and be rooted and the attacker still can not get my real IP (although of course I don't do such dangerous things, at least there is a strong layer of protection even in worst case scenarios)