Silk Road forums

Discussion => Security => Topic started by: prefectKILL on May 03, 2012, 12:50 pm

Title: Firefox security bug (proxy-bypass) in current TBBs
Post by: prefectKILL on May 03, 2012, 12:50 pm
Hey good people, just caught this, not sure if it has been reported here yet so ...

https://blog.torproject.org/blog/firefox-security-bug-proxy-bypass-current-tbbs

Maybe someone more knowledgeable than myself can evaluate the security implications? 

I don't think this reveals IP.
Title: Re: Firefox security bug (proxy-bypass) in current TBBs
Post by: supersecretsquirrel on May 03, 2012, 01:09 pm
Maybe someone more knowledgeable than myself can evaluate the security implications? 

I don't think this reveals IP.

A DNS lookup not sent through Tor will reveal your real IP address to the server you are trying to connect to. Timing attacks can then connect you doing the DNS lookup to you visiting the site over Tor. That said, this bug affects sites using websockets. I believe Silk Road users are safe, but I strongly recommend everyone to read the blog post and follow the instructions there to apply the temporary fix.
Title: Re: Firefox security bug (proxy-bypass) in current TBBs
Post by: TBBSecurity on May 03, 2012, 02:47 pm
Damn, someone beat me to it, didn't see this thread!  Good looking.