Silk Road forums

Discussion => Security => Topic started by: summer on August 05, 2013, 12:08 pm

Title: Tormail is UP and RUNNING. Now what?
Post by: summer on August 05, 2013, 12:08 pm
Login works, no JS needed:
http://jhiwjjlqpyawmpjx.onion/squirrelmail/src/login.php

Emails are there.

Can anyone confirm Tormail was indeed infected with malicious JS code?
Can anyone analyze the code?

Source of the login page:

Code:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>

<head>
<meta name="robots" content="noindex,nofollow">
<meta http-equiv="x-dns-prefetch-control" content="off">
<script type="text/javascript" language="JavaScript">
<!--
if (self != top) { try { if (document.domain != top.document.domain) { throw "Clickjacking security violation! Please log out immediately!"; /* this code should never execute - exception should already have been thrown since it's a security violation in this case to even try to access top.document.domain (but it's left here just to be extra safe) */ } } catch (e) { self.location = "/squirrelmail/src/signout.php"; top.location = "/squirrelmail/src/signout.php" } }
// -->
</script>

<title>Tor Mail - Login</title><script language="JavaScript" type="text/javascript">
<!--
  var alreadyFocused = false;
  function squirrelmail_loginpage_onload() {
    document.login_form.js_autodetect_results.value = '1';
    if (alreadyFocused) return;
    var textElements = 0;
    for (i = 0; i < document.login_form.elements.length; i++) {
      if (document.login_form.elements[i].type == "text" || document.login_form.elements[i].type == "password") {
        textElements++;
        if (textElements == 1) {
          document.login_form.elements[i].focus();
          break;
        }
      }
    }
  }
// -->
</script>

<!--[if IE 6]>
<style type="text/css">
/* avoid stupid IE6 bug with frames and scrollbars */
body {
    width: expression(document.documentElement.clientWidth - 30);
}
</style>
<![endif]-->

</head>

<body text="#000000" bgcolor="#ffffff" link="#0000cc" vlink="#0000cc" alink="#0000cc" onLoad="squirrelmail_loginpage_onload();">
<form action="redirect.php" method="post" name="login_form"  >
<table bgcolor="#ffffff" border="0" cellspacing="0" cellpadding="0" width="100%"><tr><td align="center"><center><img src="../images/sm_logo.png" alt="Tor Mail Logo" width="308" height="111" /><br />
<small>SquirrelMail version 1.4.22<br />
  By the SquirrelMail Project Team<br /></small>
<table bgcolor="#ffffff" border="0" width="350"><tr><td bgcolor="#dcdcdc" align="center"><b>Tor Mail Login</b>
</td>
</tr>
<tr><td bgcolor="#ffffff" align="left">
<table bgcolor="#ffffff" align="center" border="0" width="100%"><tr><td align="right" width="30%">Name:</td>
<td align="left" width="70%"><input type="text" name="login_username" value="" onfocus="alreadyFocused=true;" />
</td>
</tr>

<tr><td align="right" width="30%">Password:</td>
<td align="left" width="70%"><input type="password" name="secretkey" onfocus="alreadyFocused=true;" />
<input type="hidden" name="js_autodetect_results" value="0" />
<input type="hidden" name="just_logged_in" value="1" />
</td>
</tr>
</table>
</td>
</tr>
<tr><td align="left"><center><input type="submit" value="Login" />
</center></td>
</tr>
</table>
</center></td>
</tr>
</table>
</form>
</body></html>
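
The post above asks for the quoted login page to be analyzed. One way to take stock of a saved copy without rendering it is to list every place it can run script or load other content and compare that against a stock SquirrelMail login page. This is an added example, not part of the original thread; `inventory`, `ActiveContentInventory` and the trimmed sample are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample: a trimmed excerpt of the login page quoted in the post above.
SAMPLE = """<html><head><script type="text/javascript">
if (self != top) { self.location = "/squirrelmail/src/signout.php"; }
</script>
<!--[if IE 6]><style>body { width: expression(document.documentElement.clientWidth - 30); }</style><![endif]-->
</head><body onLoad="squirrelmail_loginpage_onload();">
<form action="redirect.php" method="post" name="login_form">
<input type="password" name="secretkey" onfocus="alreadyFocused=true;" /></form></body></html>"""

EMBED_TAGS = {"iframe", "frame", "object", "embed", "applet"}

class ActiveContentInventory(HTMLParser):
    """Collect everything in a saved page that can run code or pull in other content."""
    def __init__(self):
        super().__init__()
        self.report = {k: [] for k in ("inline_scripts", "external_scripts", "handlers",
                                       "embeds", "form_actions", "conditional_comments")}
        self._inline = False  # True while inside a <script> that has no src
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and attrs.get("src"):
            self.report["external_scripts"].append(attrs["src"])
        elif tag == "script":
            self._inline = True
            self.report["inline_scripts"].append("")
        elif tag in EMBED_TAGS:
            self.report["embeds"].append((tag, attrs.get("src") or attrs.get("data")))
        elif tag == "form":
            self.report["form_actions"].append(attrs.get("action"))
        # HTMLParser lower-cases attribute names, so onLoad arrives as "onload".
        self.report["handlers"] += [(tag, k, v) for k, v in attrs.items() if k.startswith("on")]
    def handle_endtag(self, tag):
        self._inline = self._inline and tag != "script"
    def handle_data(self, data):
        if self._inline:
            self.report["inline_scripts"][-1] += data
    def handle_comment(self, data):
        # IE conditional comments hide markup (here a CSS expression()) from other parsers.
        if data.lstrip().startswith("[if"):
            self.report["conditional_comments"].append(data)

def inventory(html):
    parser = ActiveContentInventory()
    parser.feed(html)
    parser.close()
    return parser.report
```

An empty `external_scripts` and `embeds` list only describes the copy that was saved; a server can return different markup on another request.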
Title: Re: Tormail is UP and RUNNING. Now what?
Post by: SouthSquareBiz on August 05, 2013, 12:13 pm
I am still getting 404 Not Found nginx.
Title: Re: Tormail is UP and RUNNING. Now what?
Post by: summer on August 05, 2013, 12:16 pm
I was able to log in a couple of minutes ago, saw my emails, but the left frame had a 404 error.
Now I also get 404 or bad username or pass errors.

Update:
Now it's an "Unable to connect" error

This means someone is working on the server?
Title: Re: Tormail is UP and RUNNING. Now what?
Post by: terpene on August 05, 2013, 12:29 pm
It does look like someone is trying to bring the server(s) up - it would be useful if they communicated something on their landing page.

But that would be too sensible.

t
Title: Re: Tormail is UP and RUNNING. Now what?
Post by: terpene on August 05, 2013, 12:37 pm
It's frustrating, I just need one bit of info from my Tormail account and then it's fucking dogshit forever.

t
Title: Re: Tormail is UP and RUNNING. Now what?
Post by: Cher on August 05, 2013, 12:51 pm
can u smellllll the honey!!

careful guys!!
Title: Re: Tormail is UP and RUNNING. Now what?
Post by: fbny71 on August 05, 2013, 12:55 pm
Still down for me too. I usually delete all emails in every folder anyway and certainly wouldn't be sending anything sensitive unencrypted.
Title: Re: Tormail is UP and RUNNING. Now what?
Post by: anontoker on August 05, 2013, 12:56 pm
I won't even try. It's better to wait in case there is something posted. I literally deleted my bookmark to Tormail so I wasn't tempted.
Title: Re: Tormail is UP and RUNNING. Now what?
Post by: terpene on August 05, 2013, 01:10 pm
can u smellllll the honey!!

careful guys!!

I hear you.

Though there is nothing incriminating in my tormail account and never has been, all legitimate usage stuff, I just need one line of text!

Title: Re: Tormail is UP and RUNNING. Now what?
Post by: BlackIris on August 05, 2013, 01:48 pm
I have no intention of using Tormail for a long time. I may be exaggerating, but for now I feel this way. It may be that in the future I will change my mind and go there again, but as of now I've created a new mail account at safe-mail.net that I will use as my primary one.

I also ditched my PGP keys with the Tormail account linked to them and created a new one with the Safe-Mail one. I wanted to do it anyway because I needed to update the key to 4096 bit, so this was the perfect motivation for me to do so.

We will see what happens. For the moment I have no intention to enter or use Tormail for some time and I consider every document in there as lost.
Title: Re: Tormail is UP and RUNNING. Now what?
Post by: q on August 05, 2013, 02:00 pm
For fuck sake.
How hard is it to understand?

TORMAIL IS COMPROMISED!

You can never use it again. It's run and under surveillance by FBI.
You are a FOOL logging in to tormail now. What the hell were you thinking!?

If the server has some encryption you might unlock your shit for the FBI when you login.



¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
TORMAIL IS COMPROMISED!
Don't log in.
Don't visit site.
Spread the word.
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Title: Re: Tormail is UP and RUNNING. Now what?
Post by: summer on August 05, 2013, 02:15 pm
Instead of screaming, panicking and running:

- Can someone confirm that Tormail was indeed compromised (seen the malicious JS code)?

- Even if it was compromised, lots of us always assumed it was run by the FBI even before this incident, but we still used it with PGP, JS disabled, so nothing really changed. Tormail still cannot be trusted, Tormail still can be run by the alphabet soup, but I still need to access some emails on it.

After that I will look for a more stable channel to communicate, because Tormail was shit anyway because of all that downtime and lost emails.
Title: Re: Tormail is UP and RUNNING. Now what?
Post by: BlackIris on August 05, 2013, 02:46 pm
Nobody can confirm or deny one way or the other because there is not enough truly reliable information yet, mostly rumors. However, it is wiser to assume at this point that Tormail has indeed been compromised.

If you need to access some mails, keep this in mind. Apart from this, it will not be easy for now to access those mails simply because the site doesn't work properly. I don't know what's happening there, and for this reason alone it is much better to be cautious.
Title: Re: Tormail is UP and RUNNING. Now what?
Post by: spunjtom on August 05, 2013, 03:22 pm
For fuck sake.
How hard is it to understand?

TORMAIL IS COMPROMISED!

You can never use it again. It's run and under surveillance by FBI.
You are a FOOL logging in to tormail now. What the hell were you thinking!?

If the server has some encryption you might unlock your shit for the FBI when you login.



¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
TORMAIL IS COMPROMISED!
Don't log in.
Don't visit site.
Spread the word.
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

no doubt!