Silk Road forums

Discussion => Newbie discussion => Topic started by: OrangeThrowaway on August 04, 2013, 09:33 am

Title: WARNING! Tor Browser Bundle has been compromised!
Post by: OrangeThrowaway on August 04, 2013, 09:33 am
Freedom Hosting and Tormail were recently taken down by the FBI but they left a little gift - some JavaScript that exploits a previously unknown vulnerability in the Firefox 17 ESR version used in the Tor Browser Bundle to run code on your PC, eventually connecting to a monitoring server from your real IP address. Discontinue use of the Tor Browser Bundle immediately!

http://www.reddit.com/r/onions/comments/1jmrta/founder_of_the_freedom_hosting_arrested_held/cbgknwe
https://news.ycombinator.com/item?id=6154246
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: Alutnarat on August 04, 2013, 09:37 am
That's why I like Tails.
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: flaxceed on August 04, 2013, 09:47 am
Where is the evidence that TBB has been compromised?  This looks more like conjecture.
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: OrangeThrowaway on August 04, 2013, 10:00 am
Where is the evidence that TBB has been compromised?  This looks more like conjecture.
Several people have managed to decode the shellcode being served up and work out that it's making an HTTP request to an external server. We'll have to wait until security researchers get their hands on it to get full confirmation, but that could take a while as a lot of them are at Black Hat right now. I wouldn't be surprised if the attacker can break out of virtual machines since they managed to compromise Freedom Hosting hard enough to trace its owner, and I don't have a spare physical machine to run this exploit on.

Also, my post is basically the best-case scenario. No-one's been able to confirm whether it downloads a further payload of code or the contents of that payload so there's a good chance any machine that's been on Tormail or Freedom Hosting recently with the TBB is also fully compromised.
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: Alutnarat on August 04, 2013, 10:16 am
well fuck me sideways
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: Thetruthseeker1234 on August 04, 2013, 10:35 am
well fuck me sideways
Are you a girl and at least semi good looking?
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: Pwnedurmoma1 on August 04, 2013, 11:20 am
That awkward moment when I'm using TOR, so uhm that link is broken, but does that mean I should not buy stuff on the Silk Road or am I being traced or what? That's sketchy as hell.
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: jethro420247 on August 04, 2013, 02:05 pm
I read the article on reddit about this, and there is a lot of back and forth about whether javascript has the capability to do this. Most were saying you have to have other software running for this to take place (java/silverlight), and in case you are not aware (I'm sure most here are) javascript and java are not the same.

Anywho, if this is true that the FBI did inject some code into the tor mail site and it somehow does redirect to your actual email address, it really shouldn't matter that much anyway. Using tor mail alone is not illegal, and if you are discussing shady topics and NOT using PGP, then you are not being cautious enough anyway. From what I gathered reading from the paranoid pedophiles who are obviously uber concerned about this, they are stating this code was injected into some CP sites so they can track down the pedos. I'm not for LE for many things, but I will say when it comes to children being molested, I hope they round those losers up and either get them the help they need to stop, or remove their junk. I can tell you if that ever happened to any of the children in my life, I would empty every hollow point I have in them.

If anyone has more on this, please post away, this is a topic of the utmost importance.

CORRECTION: apologies, I stated java and javascript are the same, which is not true; they are not the same. Missed a word.
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: SynthesisWizard on August 04, 2013, 02:12 pm
I read the article on reddit about this, and there is a lot of back and forth about whether javascript has the capability to do this. Most were saying you have to have other software running for this to take place (java/silverlight), and in case you are not aware (I'm sure most here are) javascript and java are the same.

Anywho, if this is true that the FBI did inject some code into the tor mail site and it somehow does redirect to your actual email address, it really shouldn't matter that much anyway. Using tor mail alone is not illegal, and if you are discussing shady topics and NOT using PGP, then you are not being cautious enough anyway. From what I gathered reading from the paranoid pedophiles who are obviously uber concerned about this, they are stating this code was injected into some CP sites so they can track down the pedos. I'm not for LE for many things, but I will say when it comes to children being molested, I hope they round those losers up and either get them the help they need to stop, or remove their junk. I can tell you if that ever happened to any of the children in my life, I would empty every hollow point I have in them.

If anyone has more on this, please post away, this is a topic of the utmost importance.

I agree with you on this. This is one of the things LE should be doing with their time as opposed to trying to arrest people who have had the occasional ounce of weed sent to them etc.
I think they can do it. I'm not 100% on the details, but I reckon they can. Does anyone know if they can infiltrate tormail? Can they infiltrate SR?
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: jethro420247 on August 04, 2013, 02:19 pm
I read the article on reddit about this, and there is a lot of back and forth about whether javascript has the capability to do this. Most were saying you have to have other software running for this to take place (java/silverlight), and in case you are not aware (I'm sure most here are) javascript and java are the same.

Anywho, if this is true that the FBI did inject some code into the tor mail site and it somehow does redirect to your actual email address, it really shouldn't matter that much anyway. Using tor mail alone is not illegal, and if you are discussing shady topics and NOT using PGP, then you are not being cautious enough anyway. From what I gathered reading from the paranoid pedophiles who are obviously uber concerned about this, they are stating this code was injected into some CP sites so they can track down the pedos. I'm not for LE for many things, but I will say when it comes to children being molested, I hope they round those losers up and either get them the help they need to stop, or remove their junk. I can tell you if that ever happened to any of the children in my life, I would empty every hollow point I have in them.

If anyone has more on this, please post away, this is a topic of the utmost importance.

I agree with you on this. This is one of the things LE should be doing with their time as opposed to trying to arrest people who have had the occasional ounce of weed sent to them etc.
I think they can do it. I'm not 100% on the details, but I reckon they can. Does anyone know if they can infiltrate tormail? Can they infiltrate SR?

My guess is highly unlikely. From what I've read so far, they busted the FH owner tracking his bank records or some shit like that, and maybe all the info that Anonymous spewed a couple years ago gave them a place to start. But I (or anyone really at this point) knows much about what happened. Once they get him back in the US and he goes to trial and they release the discovery on the investigation, we will hopefully learn more.

And furthermore, we all know they want SR BAAAAAAD and I'm sure if they had a good method of hacking servers through tor, they would have probably taken it down first before the pedos. It seems LE are more spiteful than most and since SR is the biggest slap in their face regarding their failed war on drugs, and even though morally IMO it wouldn't be right, they would probably go after SR first. But again just my opinion.
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: MAGMA on August 04, 2013, 02:23 pm
One little question: what does LE mean? I know it is something related to police or something like that, but I would like to know what these two letters mean. Thanks!
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: DaveDoe on August 04, 2013, 02:27 pm
If they want to keep us guessing they could just say that his service is related to a terror investigation and block discovery becoming public.

And LE=Law Enforcement
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: OrangeThrowaway on August 04, 2013, 02:31 pm
I read the article on reddit about this, and there is a lot of back and forth about whether javascript has the capability to do this. Most were saying you have to have other software running for this to take place (java/silverlight), and in case you are not aware (I'm sure most here are) javascript and java are the same.
Javascript itself isn't meant to be capable of doing this but there are quite often bugs in specific web browsers that allow a clever attacker to break out of Javascript and run native code of their choosing which can in theory do whatever they want it do. Whoever's taken over Freedom Hosting appears to be using one of those bugs against the version of Firefox in the TBB.
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: helterhelter on August 04, 2013, 04:41 pm
Freedom Hosting and Tormail were recently taken down by the FBI but they left a little gift - some JavaScript that exploits a previously unknown vulnerability in the Firefox 17 ESR version used in the Tor Browser Bundle to run code on your PC, eventually connecting to a monitoring server from your real IP address. Discontinue use of the Tor Browser Bundle immediately!

http://www.reddit.com/r/onions/comments/1jmrta/founder_of_the_freedom_hosting_arrested_held/cbgknwe
https://news.ycombinator.com/item?id=6154246
Thanks for the warning, but can I ask why you are such a new poster considering you have such an interest in our community here?
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: Pwnedurmoma1 on August 04, 2013, 11:46 pm
So, uhm, I use the tor bundle, but I don't have a TORMAIL, I only use tormail to access the silk road. I'm thinking of ordering soon; will the LEAs be able to see that I ordered drugs or something?
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: cryngie on August 05, 2013, 12:09 am
Forgive me if I'm wrong, but doesn't having scripts blocked globally, as TBB allows and recommends, make this a useless attempt at gaining my details?
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: Psyche on August 05, 2013, 12:14 am
So, uhm, I use the tor bundle, but I don't have a TORMAIL, I only use tormail to access the silk road. I'm thinking of ordering soon; will the LEAs be able to see that I ordered drugs or something?

If you meant to say "so, uhm, I use the tor bundle, but I don't have a TORMAIL, I only use THE TBB to access the silk road, I'm thinking of ordering soon, will the LEAs be able to see that I ordered drugs or something":

I would recommend always keeping javascript OFF when you are craving anonymity. Use NoScript and forbid scripts globally, edit the settings of the browser and turn off javascript.

Silk road is not compromised (for now). It is not the TBB itself that is compromised, but the TBB (Firefox) contains a previously unknown exploit which they are hosting on ALL FreedomHosting websites (pedo sites, Onion bank, tormail, etc. I have heard that 50% of the darknet was hosted on freedomhosting.)

Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: cypherpunk on August 05, 2013, 12:16 am
Forgive me if I'm wrong, but doesn't having scripts blocked globally, as TBB allows and recommends, make this a useless attempt at gaining my details?
Yes, but unfortunately 90% of people who install software never bother changing the default settings.
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: jethro420247 on August 05, 2013, 01:01 am
Forgive me if I'm wrong, but doesn't having scripts blocked globally, as TBB allows and recommends, make this a useless attempt at gaining my details?
Yes, but unfortunately 90% of people who install software never bother changing the default settings.

This is all true but the sad part is that tor leaves javascript enabled by default, and actually they state they do this intentionally, why I'm not sure. They say that turning it off, while not a vulnerability, makes you stick out amongst other tor users, but really who cares as long as they can't sniff the packets you are sending back and forth.

Also everyone keep in mind, they, the FBI, injected this code onto child porn sites (according to the reddit thread where those sick fucks were talking), in which case if they catch you visiting the site, then get your IP, you're screwed. (On a side note, if you like kiddy porn then I hope they catch your ass anyway, get some help sick fucks.) However, tor mail itself is not illegal, unless you are doing illegal activities through it, and if you are, you'd be a fool not to be using PGP. So that being said, if you use tor mail and use PGP, so what if they get your IP address, they have shit on you. There is nothing illegal about an email service. Tor mail just got caught up in this shit since they were dumb enough to host on servers that allowed child porn. Not saying the feds won't hack into the tor mail code and attempt to break into some accounts to try to find some illicit material, but again if you use PGP or didn't do anything illicit, then you don't have anything to worry about from my limited understanding of the law.
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: rynoragin on August 05, 2013, 01:09 am
I have TBB. Looking at my vidalia control panel now and on firefox viewing these forums. Do I need to change something? I will do whatever I have to do in order to protect my privacy. Share your knowledge.
Ryno
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: Psyche on August 05, 2013, 01:16 am
I have TBB. Looking at my vidalia control panel now and on firefox viewing these forums. Do I need to change something? I will do whatever I have to do in order to protect my privacy. Share your knowledge.
Ryno

You NEED a tails live USB for anonymity.

http://dkn255hz262ypmii.onion/index.php?topic=114141.0

Follow that tutorial, tails is necessary.

For a persistent volume (permanent encrypted storage) you'll need either two USBs or a hard drive, disk, and USB.

Forgive me if I'm wrong, but doesn't having scripts blocked globally, as TBB allows and recommends, make this a useless attempt at gaining my details?
Yes, but unfortunately 90% of people who install software never bother changing the default settings.

This is all true but the sad part is that tor leaves javascript enabled by default, and actually they state they do this intentionally, why I'm not sure. They say that turning it off, while not a vulnerability, makes you stick out amongst other tor users, but really who cares as long as they can't sniff the packets you are sending back and forth.

Also everyone keep in mind, they, the FBI, injected this code onto child porn sites (according to the reddit thread where those sick fucks were talking), in which case if they catch you visiting the site, then get your IP, you're screwed. (On a side note, if you like kiddy porn then I hope they catch your ass anyway, get some help sick fucks.) However, tor mail itself is not illegal, unless you are doing illegal activities through it, and if you are, you'd be a fool not to be using PGP. So that being said, if you use tor mail and use PGP, so what if they get your IP address, they have shit on you. There is nothing illegal about an email service. Tor mail just got caught up in this shit since they were dumb enough to host on servers that allowed child porn. Not saying the feds won't hack into the tor mail code and attempt to break into some accounts to try to find some illicit material, but again if you use PGP or didn't do anything illicit, then you don't have anything to worry about from my limited understanding of the law.
I'm worried about those who had their darknet contextual identities linked to tormail as well as their "real life" identities.

Have confidence that the feds are having an absolute fun time with those servers right now, busting people left and right.
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: rynoragin on August 05, 2013, 01:23 am
I had a tormail but I NEVER even used it. Also used a false name. I also encrypt everything. I'll have to look into that and get on it right away. Man this is upsetting.

Ryno
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: cypherpunk on August 05, 2013, 01:25 am
However, tor mail itself is not illegal, unless you are doing illegal activities through it, and if you are, you'd be a fool not to be using PGP. So that being said if you use tor mail and use PGP, so what if they get your IP address, they have shit on you. There is nothing illegal about an email service.
You're assuming that's all the script is capable of doing.  As far as I know nobody's managed to decrypt the payload yet.  It's possible that it just connects to a server to reveal your IP, but it could just as easily be downloading more code and loading a RAT or keylogger onto your system.

I have TBB. Looking at my vidalia control panel now and on firefox viewing these forums. Do I need to change something? I will do whatever I have to do in order to protect my privacy. Share your knowledge.
Ryno
Obvious question but have you disabled javascript?
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: rynoragin on August 05, 2013, 01:31 am
However, tor mail itself is not illegal, unless you are doing illegal activities through it, and if you are, you'd be a fool not to be using PGP. So that being said if you use tor mail and use PGP, so what if they get your IP address, they have shit on you. There is nothing illegal about an email service.
You're assuming that's all the script is capable of doing.  As far as I know nobody's managed to decrypt the payload yet.  It's possible that it just connects to a server to reveal your IP, but it could just as easily be downloading more code and loading a RAT or keylogger onto your system.

I have TBB. Looking at my vidalia control panel now and on firefox viewing these forums. Do I need to change something? I will do whatever I have to do in order to protect my privacy. Share your knowledge.
Ryno
Obvious question but have you disabled javascript?

I went in and deleted all javascript files. Does that constitute disabling?

Ryno
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: bitni on August 05, 2013, 02:00 am
AIRVPN would do the trick too wouldn't it?
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: kyzersoze on August 05, 2013, 02:18 am
well fuck me sideways
Are you a girl and at least semi good looking?

Lol.  Well played
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: rynoragin on August 05, 2013, 02:28 am
I feel like I need to be seriously worried now. This isn't fun. WAH! I quit this game!

Ryno
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: Pwnedurmoma1 on August 05, 2013, 04:51 am
So, uhm, I use the tor bundle, but I don't have a TORMAIL, I only use tormail to access the silk road. I'm thinking of ordering soon; will the LEAs be able to see that I ordered drugs or something?

If you meant to say "so, uhm, I use the tor bundle, but I dont have a TORMAIL, I only use THE TBB to access the silk road, I'm thinking of ordering soon, will the LEAs be able to see that I ordered drugs or something":

I would recommend always keeping javascript OFF when you are craving anonymity. Use NoScript and forbid scripts globally, edit the settings of the browser and turn off javascript.

Silk road is not compromised (for now). It is not the TBB itself that is compromised, but the TBB (Firefox) contains a previously unknown exploit which they are hosting on ALL FreedomHosting websites (pedo sites, Onion bank, tormail, etc. I have heard that 50% of the darknet was hosted on freedomhosting.)

Damn, I forbid all scripts using the "S" icon, clicked the blue thing in the top right corner and disabled "java". Did I do it right?
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: oznation22 on August 05, 2013, 05:01 am
I don't use tormail, yay for me. This forum is my only outlet into the deepweb.
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: monesty on August 05, 2013, 06:25 am
This is all true but the sad part is that tor leaves javascript enabled by default, and actually they state they do this intentionally, why I'm not sure. They say that turning it off, while not a vulnerability, makes you stick out amongst other tor users, but really who cares as long as they can't sniff the packets you are sending back and forth.

While it's true that the TBB leaves JS on by default, NoScript is still installed and blocks scripts. The only way to let in a script is allowing both JS and NS to let it in. It's not a case of TBB being 'compromised' as is so often repeated but one of users disabling their safeguards so they can watch youtube videos or something else as stupid. The simple solution here is to never allow JS; in fact uncheck the box in your options and make sure NS is on at all times.

More info on the exploit is here: http://www.twitlonger.com/show/n_1rlo0uu

Furthermore, Tormail is no longer online because it was hosted by Freedom Hosting which obviously had its server shut down. The only chance of you receiving this exploit is when you visited a page that contained this message:

"Down for Maintenance
Sorry, This server is currently offline for maintenance. Please try again in a few hours."

So let's stamp out hysteria and FUD and think clearly.

Don't allow javascript ever; repeat that over and over.
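The advice in the two posts above (Psyche's and monesty's) boils down to two profile settings: JavaScript unchecked in the browser options and NoScript left in its "forbid scripts globally" state. The following is an added example, not code from the thread or from the Tor Project, that audits a Firefox profile's prefs.js for exactly those two settings. It parses the `user_pref("name", value);` line format that Firefox writes; the pref name `noscript.global` is assumed from classic NoScript (true means scripts are allowed globally), and the sample profiles are constructed for the example.

```python
"""Audit a Firefox / Tor Browser prefs.js for the 'JavaScript off, NoScript
global forbid' posture recommended in the thread.  Added example; not from the
forum or the Tor Project."""
import re
from typing import Dict, List, Union

PrefValue = Union[bool, int, str]

# One prefs.js line: user_pref("name", value);  -- value is true/false,
# an integer, or a double-quoted string (quotes inside are backslash-escaped).
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*?)\);\s*$')


def parse_prefs(text: str) -> Dict[str, PrefValue]:
    """Parse prefs.js text into a name -> value mapping.

    Comment lines and anything that is not a user_pref() call are skipped,
    which mirrors how Firefox tolerates junk in the file."""
    prefs: Dict[str, PrefValue] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if raw == "true":
            prefs[name] = True
        elif raw == "false":
            prefs[name] = False
        elif len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw  # leave unknown syntax as the raw token
    return prefs


def audit_script_settings(prefs: Dict[str, PrefValue]) -> List[str]:
    """Return findings for script settings that deviate from the advice.

    An empty list means JavaScript is disabled and NoScript is not allowing
    scripts globally.  Absent prefs are treated as the browser defaults:
    javascript.enabled defaults to true (so a missing pref means JS is ON),
    and NoScript's global allow is assumed to default to false."""
    findings = []
    if prefs.get("javascript.enabled", True):
        findings.append("javascript.enabled is true: JavaScript is ON")
    if prefs.get("noscript.global", False):  # assumed NoScript pref name
        findings.append("noscript.global is true: NoScript allows scripts globally")
    return findings


# Constructed sample profiles (not real profile dumps).
DEFAULT_PROFILE = """\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:tor");
user_pref("noscript.global", false);
"""

HARDENED_PROFILE = """\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:tor");
user_pref("javascript.enabled", false);
user_pref("noscript.global", false);
user_pref("network.proxy.socks_port", 9150);
"""

RISKY_PROFILE = """\
user_pref("javascript.enabled", true);
user_pref("noscript.global", true);
"""

if __name__ == "__main__":
    for label, text in (("default", DEFAULT_PROFILE),
                        ("hardened", HARDENED_PROFILE),
                        ("risky", RISKY_PROFILE)):
        print(label, audit_script_settings(parse_prefs(text)) or ["ok"])
```

Run against a real profile by reading its prefs.js into `parse_prefs`; a "default" Tor Browser profile of that era, with no `javascript.enabled` line at all, is reported as JavaScript ON, which is the point the posts above make about default settings.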
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: Psblyinjail on August 05, 2013, 06:40 am
Holy fuck. Am I in trouble!?!?!?!?

I tried accessing it from onion.to on my iPhone which has JavaScript.
Is my info being accessed?!?!?
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: jndlr3k on August 05, 2013, 07:01 am
Holy fuck. Am I in trouble!?!?!?!?

I tried accessing it from onion.to on my iPhone which has JavaScript.
Is my info being accessed?!?!?

You are _probably_ good, the script targeted FF17+ on windows. Take any actions you would have done if the third word of the previous sentence had been _not_ though.
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: Psblyinjail on August 05, 2013, 07:09 am
Holy fuck. Am I in trouble!?!?!?!?

I tried accessing it from onion.to on my iPhone which has JavaScript.
Is my info being accessed?!?!?

You are _probably_ good, the script targeted FF17+ on windows. Take any actions you would have done if the third word of the previous sentence had been _not_ though.
?
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: cryngie on August 05, 2013, 07:15 am
why are you accessing onion.to?
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: Psblyinjail on August 05, 2013, 07:34 am
why are you accessing onion.to?
I am a huge noob.
I got on onion.to, bought some stuff on the Silk Road, emailed back and forth with a vendor on a different site about prices on weed.
I've been here for less than a week.
When tormail went down I just kept on trying to get in, but kept getting the error message.
So can someone answer me? Have I been identified/ did I fuck up?
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: monesty on August 05, 2013, 07:43 am
When tormail went down I just kept on trying to get in, but kept getting the error message.
So can someone answer me? Have I been identified/ did I fuck up?

As far as I understand it the exploit was only for those using the tor bundle browser which uses firefox 17 ESR. Doesn't sound like that applies to you but stop using onion.to anyway.
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: boaclon224 on August 05, 2013, 10:43 am
To clarify the situation, using the Tor Browser Bundle is still fine, and a good solution for people who can't install Tails or similar.

HOWEVER if you used TBB or Firefox 17 to try to access tormail recently (and javascript was enabled, which I think is the default), then you probably have FBI malware on your computer. In that case the only thing to do is wipe your computer, reinstall the operating system, and then change your SR passwords.

Nobody has yet figured out what the FBI malware does, but it's reasonable to assume they now have complete control over your computer, and can see anything on it they want.
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: BongoMagnifico on August 05, 2013, 11:47 am
I installed TBB 2 days ago, and tormail was one of the first sites I checked because I was considering making an account. I saw that it was down. I hadn't changed any settings within TBB or NS. I should reinstall windows now? Seriously?
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: boaclon224 on August 05, 2013, 11:57 am
I installed TBB 2 days ago, and tormail was one of the first sites I checked because I was considering making an account. I saw that it was down. I hadn't changed any settings within TBB or NS. I should reinstall windows now? Seriously?

That was unlucky timing for you! Check a couple of things: is javascript enabled on TBB? What dates are people reporting the tormail malware attack was active? If javascript is enabled, and you accessed the site when it was malware laden, then I'm afraid you have to consider the computer 'burned', yes, and reinstall the OS. Or buy a cheap laptop and only use that for SR, and continue to use your current computer for 'innocent' stuff.
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: abby on August 05, 2013, 11:59 am
[snip]
HOWEVER if you used TBB or Firefox 17 to try to access tormail recently (and javascript was enabled, which I think is the default), then you probably have FBI malware on your computer. In that case the only thing to do is wipe your computer, reinstall the operating system, and then change your SR passwords.
[snip]

I wish that someone would define "recently"  I was last in a month ago and I really don't fancy doing a reformat and reinstall if I don't have to.
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: boaclon224 on August 05, 2013, 12:09 pm
I wish that someone would define "recently"  I was last in a month ago and I really don't fancy doing a reformat and reinstall if I don't have to.

I don't have time to look it up now, but I think it was first noticed no more than 2 days ago.
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: abby on August 05, 2013, 12:15 pm
Thanks :)
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: boaclon224 on August 05, 2013, 12:44 pm
An update, apparently if you were using a version of TBB released on or after June 26th it was patched for the vulnerability, so you should be safe. Got that from the comments to this post: https://blog.torproject.org/blog/hidden-services-current-events-and-freedom-hosting
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: boaclon224 on August 05, 2013, 12:50 pm
And ANOTHER little update, I can confirm that TBB does have javascript enabled by default: https://www.torproject.org/docs/faq.html.en#TBBJavaScriptEnabled

I recommend everyone to disable it, to reduce the attack surface. It isn't needed for SR.
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: Micromanage on August 05, 2013, 12:52 pm
Well how are we supposed to get into silkroad then? We still need to use Tor. What are the alternatives?
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: boaclon224 on August 05, 2013, 12:58 pm
I wish that someone would define "recently"  I was last in a month ago and I really don't fancy doing a reformat and reinstall if I don't have to.

I don't have time to look it up now, but I think it was first noticed no more than 2 days ago.

According to a comment on the tor project blog post, the 2nd August was when the javascript first appeared.

"Well how are we supposed to get into silkroad then? We still need to use Tor. What are the alternatives?"

Tor Browser Bundle is fine. Just don't go to tormail, because doing so will put nasty shit on your computer.
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: bitni on August 05, 2013, 02:14 pm
Is there a keylogger? I changed all my passwords as soon as I heard about it, then I removed everything. Are my new passwords compromised now?
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: yugiat722 on August 05, 2013, 03:06 pm
Haven't used Tormail in over half a year - should be fine I suppose.

We'll see what else develops. Wasn't the main purpose to shut down child porn sites? SR is apparently second fiddle to that.
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: jethro420247 on August 05, 2013, 04:49 pm
An update, apparently if you were using a version of TBB released on or after June 26th it was patched for the vulnerability, so you should be safe. Got that from the comments to this post: https://blog.torproject.org/blog/hidden-services-current-events-and-freedom-hosting

Yeah I read that as well, but I'm not sure how much faith I have in an anonymous comment left there. Could be the feds just spewing out bad info to give people a false sense of security so they will go back to whatever they were doing.
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: boaclon224 on August 05, 2013, 05:10 pm
The tor project have now put out an official statement, and the exploit code has now been analysed. And there's good news: the exploit code only went as far as sending your real MAC address and IP address to someone (presumably FBI), so no keylogger or other stuff was involved. So no wiping of the OS needed. The tor project also confirmed that releases since June 26th weren't affected, and if the browser was auto-updated since then you'll be fine.
https://lists.torproject.org/pipermail/tor-announce/2013-August/000089.html
http://tsyrklevich.net/tbb_payload.txt
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: jethro420247 on August 05, 2013, 08:41 pm
The tor project have now put out an official statement, and the exploit code has now been analysed. And there's good news: the exploit code only went as far as sending your real MAC address and IP address to someone (presumably FBI), so no keylogger or other stuff was involved. So no wiping of the OS needed. The tor project also confirmed that releases since June 26th weren't affected, and if the browser was auto-updated since then you'll be fine.
https://lists.torproject.org/pipermail/tor-announce/2013-August/000089.html
http://tsyrklevich.net/tbb_payload.txt

Man let me give you a virtual high five for this. This is the first solid evidence I've seen that finally has put my mind at ease. I know personally I didn't use TBB until well after June 26, and since this is official I feel much better now.
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: 226278 on August 05, 2013, 09:03 pm
The tor project have now put out an official statement, and the exploit code has now been analysed. And there's good news: the exploit code only went as far as sending your real MAC address and IP address to someone (presumably FBI), so no keylogger or other stuff was involved. So no wiping of the OS needed. The tor project also confirmed that releases since June 26th weren't affected, and if the browser was auto-updated since then you'll be fine.
https://lists.torproject.org/pipermail/tor-announce/2013-August/000089.html
http://tsyrklevich.net/tbb_payload.txt

cheers
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: TeegDougland on August 05, 2013, 09:44 pm
>To be clear, while the Firefox vulnerability is cross-platform, the
>attack code is Windows-specific. It appears that TBB users on Linux
>and OS X, as well as users of LiveCD systems like Tails, were not
>exploited by this attack.

whew! I was scared for a second.
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: neplusultra on August 05, 2013, 10:16 pm
IMO- child pornography being the reason behind the FBI exploit is a fucking front. When they tried coming after us with PIPA and SOPA, and we shut them down, everyone said they would come back and try to use child pornography as their "new weapon of choice"

I'm not defending child pornography, It's a vile act, but if anyone believes that all this bullshit really has anything to do with child pornography, you're fucking naive.
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: jethro420247 on August 05, 2013, 10:21 pm
IMO- child pornography being the reason behind the FBI exploit is a fucking front. When they tried coming after us with PIPA and SOPA, and we shut them down, everyone said they would come back and try to use child pornography as their "new weapon of choice"

I'm not defending child pornography, It's a vile act, but if anyone believes that all this bullshit really has anything to do with child pornography, you're fucking naive.

Yeah I would agree with your point. Just like the NSA says "oh we can send info to LE, but we never do, we only want terrorists really" and then today it comes out how they in fact have been supplying LE with leads for some time and then LE grooming the case to make it look like it was just a normal investigation.

Oh and of course the war on terror, what a joke, they need to call it what it really is, a war on our privacy and rights.
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: neplusultra on August 05, 2013, 10:31 pm
I'm relieved that I'm not the only one who sees that. The government lies to people, it indoctrinates children, it threatens everyone by force to extract resources and obedience. Then pity & empathy are used to manipulate you and destroy any rational objection you have. I mean really, who can object to the "war on child pornographers"?

The only people who really can are rational thinking human beings who see through the thick veil of government abstract language and bullshit.
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: Dolla4BTC on August 05, 2013, 10:34 pm
Does this affect people who only use Tor for SR? Or was this just for people who used websites with JavaScript?
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: neplusultra on August 05, 2013, 10:42 pm
Well I would disable javascript on your browser period, but I think the only people who seemed to have been affected were windows users who had javascript enabled and were using Tormail before June 26. After June 26 TOR came out with a patch that addressed the exploit...This is based on what I've read so far so someone correct me if I'm wrong.
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: jethro420247 on August 05, 2013, 11:49 pm
Well I would disable javascript on your browser period, but I think the only people who seemed to have been affected were windows users who had javascript enabled and were using Tormail before June 26. After June 26 TOR came out with a patch that addressed the exploit...This is based on what I've read so far so someone correct me if I'm wrong.

You are correct somewhat or I misunderstood your actual meaning.

The exploit theoretically could work on any system but was only designed to work on Windows machines running the Tor Browser Bundle (TBB). If you updated your version of TBB when it asked you to, or you didn't start using it until after June 26, you are ok. This exploit didn't start until around July 30th or so (no one knows for sure the exact day but it couldn't have been much earlier than this since the owner was just arrested and one would HOPE that he would have known his servers were exploited) so you would have to have been using an outdated version of TBB and visited an exploited site in the last week or so to be compromised.

I'm basing this off of a thread posted by the Tor developers, so hopefully they are being honest, and if they are not, we have a lot more to worry about than this exploit.

CLEARNET WARNING
https://lists.torproject.org/pipermail/tor-announce/2013-August/000089.html
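The two conditions the posts above keep coming back to are "was my bundle the patched June 26 release" and "was JavaScript on". Both can be read off the bundle's own files: the Firefox version sits in application.ini under [App], and the JavaScript setting, if it was ever changed from the default, sits in the profile's prefs.js or user.js. The following is an added example, not code from the thread or the Tor Project, that checks both against constructed file contents. The threshold Firefox 17.0.7 ESR is the version the Tor Project advisory linked above associates with the June 26 release; the file contents, directory layout and NoScript state are assumptions, and "JavaScript enabled" here means the browser-level javascript.enabled pref only (NoScript, which the thread also mentions, is a separate whitelist not covered by this check).

```python
"""Assess a Tor Browser Bundle install: Firefox version and javascript.enabled.

Added example with constructed inputs. Reads the [App] Version from an
application.ini text and the javascript.enabled pref from prefs.js/user.js
text. Does not model NoScript's per-site whitelist.
"""
import configparser
import re

# Firefox 17.0.7 ESR is the version the Tor Project advisory ties to the
# June 26, 2013 bundles that were not vulnerable (assumption: only this
# major version is being compared, which is what the thread is about).
PATCHED_VERSION = (17, 0, 7)

_PREF_RE = re.compile(r'user_pref\("javascript\.enabled",\s*(true|false)\);')


def parse_version(s: str) -> tuple:
    """'17.0.7esr' or '17.0.7' -> (17, 0, 7)."""
    return tuple(int(p) for p in s.lower().split("esr")[0].split("."))


def firefox_version(application_ini_text: str) -> str:
    """Return the [App] Version string from application.ini contents."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(application_ini_text)
    return cp["App"]["Version"]


def javascript_enabled(prefs_text: str) -> bool:
    """Firefox defaults to JavaScript on; only an explicit pref turns it off.

    If the pref appears more than once, the last occurrence wins, which is
    how Firefox itself applies prefs files.
    """
    matches = _PREF_RE.findall(prefs_text)
    if not matches:
        return True
    return matches[-1] == "true"


def assess(application_ini_text: str, prefs_text: str) -> dict:
    """Summarise exposure: patched version or not, and JavaScript state."""
    version = parse_version(firefox_version(application_ini_text))
    js = javascript_enabled(prefs_text)
    return {
        "version": version,
        "patched": version >= PATCHED_VERSION,
        "javascript": js,
        # Exposed to this particular attack only if both unpatched and JS on.
        "exposed": version < PATCHED_VERSION and js,
    }


# Constructed sample files (not copied from any real bundle).
OLD_INI = "[App]\nVendor=Mozilla\nName=Firefox\nVersion=17.0.6\n\n[Gecko]\nMinVersion=17.0.6\n"
NEW_INI = "[App]\nVendor=Mozilla\nName=Firefox\nVersion=17.0.7\n\n[Gecko]\nMinVersion=17.0.7\n"
PREFS_DEFAULT = '# Mozilla User Preferences\nuser_pref("browser.startup.homepage", "about:tor");\n'
PREFS_JS_OFF = PREFS_DEFAULT + 'user_pref("javascript.enabled", false);\n'

if __name__ == "__main__":
    for label, ini, prefs in [("old bundle, JS default", OLD_INI, PREFS_DEFAULT),
                              ("old bundle, JS off", OLD_INI, PREFS_JS_OFF),
                              ("June 26 bundle, JS default", NEW_INI, PREFS_DEFAULT)]:
        print(label, assess(ini, prefs))
```

To run it against a real install, read application.ini from the bundle's browser directory and prefs.js (plus user.js, if present) from the profile directory, and pass their contents to assess().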
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: marrti on August 06, 2013, 12:33 am
Should we expect a raid if we are compromised, or will they need more proof ?
I'm not in America.
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: Rainbowbleh on August 06, 2013, 01:03 am
I kinda feel like an idiot for not knowing the importance of disabling javascript, or enabling noscript and locking it down.  I kinda figured the default settings of the TBB were optimal.  I've been shopping on this website for probably 5 or 6 months.  Researched tor, SR, the forums, etc for a few months before purchasing.  And never did I realize that these security steps should be taken.  Luckily, I keep my browser up to date, and haven't visited tormail in a while.  And didn't use it for much anyway.  I guess this is a wake up call.  At least some good has come of it.  I and many others like me, now have a better understanding of security. Sucks the whole noscript/javascript thing wasn't pushed a little more... maybe the full ramifications just weren't realized since this is the first widespread attack like this.

I think as a non dealer, small time user, most of us can relax.  We all know if they go after anyone, it will be those supplying things.  I know for the most part, the suppliers are even stricter about security.... so hopefully they stay protected and up their protection as well.
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: rynoragin on August 06, 2013, 01:52 am
Fuck it. I am now running on TAILS. I would suggest the transition to anyone.

Ryno
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: BTC4Cash on August 06, 2013, 07:38 am
One of the unknown issues is the content of emails on the tormail server account at FH.

This info is on the tormail site (tormail.org, not their onion site).

"Tor Mail consists of several servers, a Tor hidden service, and incoming and outgoing internet-facing mail servers.
These internet-facing mail servers are relays, they relay mail in and out of the Tor network, the relays are purchased anonymously and not traceable to us.
The only thing stored on the hard drive of those servers is the Exim mail server, and the Tor software.
No emails or logs or anything important are stored on those servers, thus it doesn't matter if they are seized or shut down.
We are prepared to quickly replace any relay that is taken offline for any reason."

This describes / addresses the traffic to and from the server but doesn't address the actual server that is hosting tormail.

So there are a few questions (well lots actually) regarding tormail itself.

1. Are the emails in the inbox, sent and any other folder you may have created, readable?

2. Is / was the content on the tormail server encrypted?

3. Are deleted emails recoverable?

4. If both sides of the email conversation had deleted their emails (in both sent and inbox) are these emails still on the server and are they recoverable?

5. Did tormail keep logs on their main server? if yes or no, did FH enable log files on the whole servers activities?

6. If deleted emails were scheduled to be deleted off the server, what time frame was involved?  e.g. was it immediately, every 7 days, every 30 days  or the owner simply said I don't give a fuck, not my problem (I doubt it).

Maybe a good indication of this timing might be to ask an admin of SR, if messages here are deleted from original sender and receiver after what time period would they be permanently deleted from the server?

I'm sure there's 100's if not 1,000's of people worrying about this, trying to remember the content of their emails, did I? didn't I encrypt???  Fuck I don't remember.  This must be a thought of a lot of people.

Maybe the answers to these questions could help people relax or book tickets to visit Snowden's new home lol.

With all the great design and forethought that went into tormail, it appears they didn't consider what would happen if their server was discovered and physically controlled by LE. There is no (well, I couldn't find any) information on what actual server-side protection tormail set up or used.

BTC4Cash
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: BTC4Cash on August 06, 2013, 08:17 am
Bump due to multi posting bullshit spam....  btw wish they could be stopped from multi posting

BTC4Cash
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: xxdionysusxx on August 06, 2013, 08:51 am
well fuck me sideways
Are you a girl and at least semi good looking?

lol
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: marrti on August 06, 2013, 09:33 am
Does this shellcode execute as its own .exe or does it make an already running process do what it wants?
Title: Re: WARNING! Tor Browser Bundle has been compromised!
Post by: BTC4Cash on August 06, 2013, 10:03 am
I've had a techy friend look into this for us.

For those who used squirrelmail on tormail:

If you deleted your emails from inbox and sent items then purged your trash folder, then those emails are also deleted from the mail server. Depending on the mail server setup it may or may not keep logs of emails sent and received but this will NOT include the content of the email.

Any email that existed in any folder, including the trash folder, you need to assume 100% that the Feds can and will read it.

As for the ironcube (or whatever it's called) I have no information.

Here is the info they sent me:

Email is received from the internet by a POP (Post Office Protocol) email server.  When you launch your email program and click the send and receive email button, your email program asks the POP server to deliver any new email.  Your email program then downloads the current messages then tells the POP server to delete the messages on the server since the email program now has a copy of the messages on your PC.  You can control the action of your email program by telling it to delete messages after they have been downloaded, or telling the server to keep a copy for a period of time.

It's preferable to have your email program delete messages off of the server, because if you leave too many messages on the server your inbox will get too large and will cause performance problems with your email account.  We STRONGLY recommend deleting messages off of the server.  Below are instructions for setting your email software to delete messages off of the server after downloading them.

Note: Mail does not have to be in your Inbox to clog up your account — mail in your 'Sent' folder also takes up space, so make sure to empty both your inbox and sent folders.

Once you have deleted mail from the relevant folders, a small link will show up next to the "Trash" link that says ‘Purge’. Click ‘Purge’ to remove all trash messages completely from your server.

BTC4Cash