Silk Road forums

Discussion => Security => Topic started by: societyagrees on December 13, 2011, 03:58 pm

Title: launch external application
Post by: societyagrees on December 13, 2011, 03:58 pm
Sometimes my browser has a popdown alert that says one of the forum pages wants to launch an external application. Why does this happen? I always say no, and then establish new identity and refresh. That usually works.

Is it true that since I don't exit the tor network by connecting to this site that packets can't be injected to my browsing (since I never hit an exit node)?

My only reasonable concerns should be phishing, my computer being compromised and the server being compromised, right?
Title: Re: launch external application
Post by: supersecretsquirrel on December 13, 2011, 04:06 pm
Sometimes my browser has a popdown alert that says one of the forum pages wants to launch an external application. Why does this happen? I always say no, and then establish new identity and refresh. That usually works.

Not sure. Bug in the forum software, maybe?

Is it true that since I don't exit the tor network by connecting to this site that packets can't be injected to my browsing (since I never hit an exit node)?

Yep.

My only reasonable concerns should be phishing, my computer being compromised and the server being compromised, right?

Phising, your computer being compromised, the server being compromised, GPG being compromised, sellers you've purchased from being compromised.
Title: Re: launch external application
Post by: societyagrees on December 13, 2011, 04:12 pm
So I shouldn't be concerned I guess, should I just hit launch external application? Better safe than sorry I suppose.
Title: Re: launch external application
Post by: Cgault on December 13, 2011, 04:46 pm
If you are using the Tor browser bundle, that is not a malware attack - it is a symptom of the browser timing out between http resposes, and thinking that the page needs an application to open an embedded code asset. It happens to me. You will notice that in that dialog box there is no application specified - its just a by product of the Tor network and the browser biunle. Hit cancell, try reloadijng. If you hit "launch external application", nothing will happen, it will jsut keep trying. General advice is to never hit that launch button.
Title: Re: launch external application
Post by: societyagrees on December 13, 2011, 06:40 pm
Thanks Cgault! That's what I was looking for. Question: could this same thing happen when exiting tor network to clearnet?
Title: Re: launch external application
Post by: Cgault on December 13, 2011, 08:17 pm
I am not sure that I understand the question, but I will try to the best on my underatanding:

When closing the TBB (Tor Browser Bundle) you are shutting down the proxy direct to 127.0.0.1 most often - after that, you have a normal setup that uses your normal http https (or other protocol) proxies (or native connections). Actually, its not one or the othjer, they can and do, coexist.

You can have TBB running on 12.0.0.1 and your normal base "insde" IP running at the same time. If you are not in TBB and you get a message to launch an application, unless you know what you are doing, like configuring a Quicktime plugin or other helper applications, you should always be careful about saying "yes: to those unexpected browser messages.