Configuring Tor. To provide maximum protection, the browser disables scripts by default, including those for multimedia. Added more than a year ago. Another culprit behind this problem may be the "NoScript" extension. But sometimes Tor is used for another reason as well.
Tor Browser Bundle. Version: 9. Added: Vivaldi Snapshot. Version: 5. Vivaldi Snapshot is a frequently released test version of the stable Vivaldi browser. In it, the developers show the new features that may soon appear in the browser of the same name. It offers a chance to try out the latest functionality, design decisions, or a more thought-out control system.
A text-and-graphics browser that can work in either mode separately. The browser has a simple installation method with a single executable file and works with Linux, BSD, other UNIX-like systems, and some other, less well-known ones. Version: 2. A portable version of a browser written in Java.
The graphical interface is concise, minimalist in design, and well organized. NetZ Browser uses minimal system resources, so it may suit users of PCs with modest specifications. Not updated. NetZ Browser. Version: 1. A browser with a built-in downloader for files from the YouTube video hosting service. FlameSky is based on the hugely popular Chromium platform, so all of that platform's advantages are available.
A web browser made for privacy and security. Safer Browser is built on Chromium and includes the core functionality of that hugely popular platform. Safer Browser. Version: An extremely simple web browser with Google search and no options at all; it may suit novice users. Version: 0. A browser that could hardly be simpler; there is no way to control the browser's functionality.
The controls are as simple as possible, unfortunately without Russian language support, but requiring installation of .NET Framework version 3 or later. A dual-engine web browser based on Chromium from Chinese developers. Seven Star Browser is a fast dual-core browser based on the latest stable version of Chromium, which combines a number of Google Chrome features with the compatibility features of Microsoft IE, intelligent automatic switching Another alternative to cloud storage is local backups to external hard drives and USB flash drives.
This method is safer but less convenient. Mesh topology is a computer network topology in which each workstation connects to several other workstations on the same network and may take on the role of a switch for the other workstations. Their proprietary operating systems cannot be trusted to safeguard your personal information from the NSA.
Additionally the Free Software Foundation hosts a list of completely Free distributions. Debian has a long tradition of software freedom. Contributors have to sign a social contract and adhere to the ethical manifesto.
Strict inclusion guidelines make sure that only certified open source software gets packaged in the main repositories. Companies all over the world trust Red Hat Inc. Everything else is already configured for you. Virtual machine images such as Whonix are made for use in virtualization packages like VirtualBox. This means that if you have to use Windows and macOS for whatever reason, you can still install VirtualBox and use Whonix to improve your privacy protection and security.
Riseup also provides email, XMPP and chat services, all of which are also available as Tor hidden services. The list of addresses is available here. If you have system administrator skills, seriously consider running a server for pump. Many of them will be glad to leave VKontakte or Facebook if you offer them an alternative. For those who do not have their own server, RetroShare will be the easiest way to create your own encrypted social network.
Installing your own add-ons in Tor Browser is not recommended, because they may connect to the internet bypassing Tor or otherwise compromise your anonymity and privacy. Use EFF's Panopticlick to check how well your browser configuration resists third-party tracking. If you use a Firefox-based browser, you can protect your data and guard against advertising companies tracking your preferences by installing uBlock Origin, Request Policy and HTTPS Everywhere.
This is a radical solution, and because of this feature some websites will be impossible to use, since they depend heavily on JavaScript. NoScript lets you maintain a whitelist, so you can selectively enable JavaScript on sites you trust, but doing so will severely harm your anonymity if you use NoScript with Tor Browser Bundle.
Why is Adblock Plus not recommended? Adblock Plus shows "acceptable ads" by default, which runs counter to the purpose of the add-on. Disable acceptable ads or use uBlock Origin instead. It provides far greater anonymity than any other browser. Make sure you understand the basics of Tor before using it. If a site you want to visit does not work in TBB, try opening it in Firefox, but remember that this browser does not anonymize your IP address by default.
Tips for using TBB: Using TBB to log in to websites that hold your real data is pointless and may trigger the site's fraud protection. Tips for using Firefox: This browser uses Google search by default; replace it with a more secure alternative. Iceweasel is a rebranded version of Firefox that does not have to follow Mozilla Trademark Policy.
More details here. DuckDuckGo follows the software-as-a-service model, and servers around the world provide you with anonymous search results from these sources. The open-source components of DDG are available here.
A DuckDuckGo hidden service also runs at 3g2upl4pq6kufc4m. Startpage is a SaaS with servers in the USA and the Netherlands that provides anonymous Google web and image search results through a free proxy. Please think carefully before entrusting your confidential information to these projects.
Donate Bitcoin. Anonymous networks. Free recommendations. Free software implementing the second generation of so-called "onion routing". It is a system of proxy servers that …. Proprietary option. Amazon Appstore. Google Play. Aegis Authenticator. A free, secure and open source app for Android to manage your 2-step verification tokens.
Unlike other services, wallabag is free as in freedom and open source. A free dynamic DNS service. As we use the standard protoco…. Google Public DNS. K-9 Mail. Kolab Now. Secure communication tools for activists working on liberatory social change.
A cross-platform email application with encryption via the Enigmail add-on.
The other answer is to run Tails in a VM on Windows, if you really need to be running Windows in the first place. Hi, Once again sorry for being redundant, but I thought I would ask a broader question hoping that it would answer a lot of questions. If someone had Windows 7, Tor Browser Bundle 2.
No, the exploit was fixed in One question.. I have the ESR version The vulnerability was fixed in firefox So you are not at risk. So if one had turned off javascript on one's pre v 17 browser, that would have stopped the exploit from executing? Do we know Has somebody tested it against this particular exploit? I know as a programmer myself we like to indicate a bug is "fixed" but it really needs to be tested by others. Any law experts around?
Assuming this illegal exploit worked, what could they do with the IP list? Is a couple random visits to FH sites like, exploring hidden wiki links enough to warrant raids? Just wondering what exactly was the purpose of this illegal exploit, because clearly not all affected are guilty, even if they did visit some of the illegal sites once or twice by mistake or due to curiosity.
A raid on them would destroy their lives nevertheless. Can this list be used against international citizens? Would international agencies accept tips obtained this way? The code did change multiple times, did it not? And parts of it are not yet obtained. I am positive that this exploit is a small part of an overarching federal project.
The NSA are doing the fishing in order to be able to connect the dots at a later date. They are looking for a couple hundreds of big fish, not thousands of small fish. Apparently nobody knows what was in it, because it was never obtained.
Because the code did not exit but loaded this page, one has to assume another version of this, or another exploit was indeed executed on Firefox versions below Therefore all the news and security reports that specifically claim this attack targeted version 17 only, are wrong. Would Request Policy block this attack? Or maybe Request Policy handled iframes differently than the main page?
Somebody would need to investigate. For those of us just hearing about Tor for the first time, help me understand this in non computer tech terms And if someone used Tor Bundle on windows during this time frame but had that little S in the top left corner clicked so a circle with a line was through it, are they still at risk? Or did that turn off their script stuff? The presumable owner of Freedom Host was arrested July 29th and the malicious code was first noticed on August 4th.
If you have the little "S" with a red slash through it, it is blocking scripts from executing and you are highly unlikely to have been affected. When 2. Yes, but did the. Read the advisory for details. While the TBB may have made it easier for people to use Tor a good thing it has also made Tor into one big honeypot. The situation before TBB was that Tor users had basically no chance to secure themselves against a wide array of known attacks at the browser level. At least in this case we learned about the issue, and put out a patch that users could upgrade to, more than a month before it was exploited.
If we lived in a world where there existed a mainstream browser Firefox, Chrome, Safari, IE, something that actually addressed these application-level privacy attacks, I think this would be a worthwhile discussion to have. That sure would be nice to fix. In any event, you and I agree on the fundamentals. Now they are real. I see them as all equally bad. I am, and have been, running it for some time now. Probably Unrelated, Huh. Whatever it was has also Killed my Relay setup entirely Perhaps worse than that, every time I attempt to access certain of the now defunct.
TemplarKnight tormail. I guess you have some list that you think is the entirety of the Tor hidden service list, and not many of those are reachable for you? But at the same time, it sounds like your computer is broken in all sorts of ways? Sounds like you might want a reinstall, and maybe with a safer operating system.
B "why [ They just took our name to try to trick people into thinking they were legitimate. And then they did a good enough job at never being reachable when we tried to contact them about it. YES, I went through SIX lists and I do realize that they did not encompass the entirety of the Onion HS sites, but I have been doing this for several months on a weekly basis and my estimate is fairly accurate.
The fact of the matter is that TOR Mail did work well enough that it became the accepted standard for secure email communications in the world. TOR will never be compromised by the Intelligence Mega-plex, simply because they use it themselves That is correct. Tor has not and will not be compromised as long as big corporations, businesses and government agencies use it. I feel safe enough using Tor Browser Bundle by itself with scripts disabled.
I think I downloaded tor within the dates in the advisory, but not sure. Click here to go to the download page". Is there any way that the exploit could still have run, as the advisory states that "the attack appears to collect the hostname and MAC address of the victim computer, send that to a remote webserver over a non-Tor connection, and then crash or exit.
The exploit does attempt to run on I need to report that five customers and counting have similar issues with tor-browser: 1. They had tor-browser crashes and windows reboots reported in early July. Why assume it is unrelated to the attacks in late July. All of these systems had up-to-date browsers with the most secure setting script etc. All show, after the window OS rebooted, MS was eager to send you a possible fix. Is MS involved in this matter? Why not? Remember, the FEDS have full access, and they are the good guys.
All via MS. They know who might be using the tor browser, based on the Metadata gathered, and the OS used as well. None of them had this problem prior to using the tor-browser back one year or more. All used the browser for the first time very recently, because of the Snowden leaks.
Dear FBI, I hijacked your exploit and started loading CP sites through Tor, each time I had the exploit code delivered but firewall rules and other mitigation techniques prevented it from phoning home, simultaneously with this I injected your exploit in users traffic through their clearnet exit nodes, framing them for viewing the CP.
I did this a great many times, always taking care to clear cookies and use a new circuit to your compromised hidden services. I started doing this almost as soon as I recognized what was going on, and have added what I imagine must be significant noise to your database of suspected pedophiles.
Fact, many FBI or alike agents that work with cp all day end up with problems, and many of them end up getting caught with possession of cp! I would just like to clarify that I run multiple exit nodes, they are not part of a family and I will not name them. My exit nodes carry traffic for a great many Tor users every day, and I have randomly exposed them to your exploit during the duration of your operation.
I am not going to reveal the exact way in which I did this, but suffice to say I have seriously contaminated your database of harvested IP addresses. That said I would also like to warn all users of Tor that you are very possibly in the database of the FBI even if you never loaded a child porn hidden service. I did this in order to confound their operation and provide plausible deniability to all targeted Tor users. I apologize in advance if the FBI kicks your doors down, but perhaps after they realize a great many of their targets are in fact not involved with CP, they will realize that their operation was a failure.
If someone was always using the then most current version of TBB, would they have been at risk on any day? As a user of Tormail, is there any way to find out if my real IP information has leaked out? Freedom of information request to the FBI? Name address, bank account and any other info that they have. We have been royally shafted. Right, true. Unfortunately I have missed the update and used But I have the script blocker activated and usually no script is carried out.
Is there a risk that this attack can overcome this mechanism? But I think cookies can be received without having script enabled. Because v I also saw one cookie, under Torbutton cookie Protections, but it was maybe 2 or 3 weeks ago. I was checking everything in settings and so I saw one cookie there and I moved it. I know that for sure from the file modified date of when I extract it and checked the version.
Is it normal there ever be a cookie under the Torbutton cookie protections? In fixed version does the exploit only make the cookie but not send it? I have two questions for arma: -If I downloaded my browser mid-late June, early July, would I still be vulnerable? You should obviously have Javascript disabled by default in Tor browser. I know that before the time frame was a few days ago, but I wasn't sure if there had been any developments.
It will take time to process all that information and get court orders for addresses of IPs etc - so I should think everyone who was compromised has at least a week before their door is busted down and all their computer equipment seized. Probably months. First, your IP address by itself is not worth much as evidence - could have come from someone using your WiFi or a visitor to your house.
Deleted files can be recovered. Truecrypt , unless your country can force you to give up the key e. The raid will still happen, but if the computer with the compromised MAC is not found and there is no illegal material found, there is no case against you and you will eventually get all your stuff back with no action taken though it will probably take a year or so.
Do not believe anyone who tells you that saying anything different will be better. Nobody is going to get busted because he attempted to visit the front page of some kinky website. FBI is most likely going to distribute the collected list of IPs to local police departments for further surveillance. You will receive your knock years later and nobody is going to even mention this TorSploit then. Agree, this is the most likely course of action here. You need to change your habits and be very careful what you say or do online and IRL from now till..
I disagree. It is sufficient to get a search warrant, same as happened with the Landslide bust. The LEA then hope to find a good percentage who have illegal material on their PCs - which is what they prosecute over. Contrary to what you say, I cannot see that any LEA is going to spend the resources on setting up years of surveillance on the probably thousands of households who were caught by the sting. But in Landslide the feds had records of what the customers purchased and downloaded.
Here all they know is the person went to the website, but not what they downloaded or looked at. It would seem similar to "this person was observed leaving a house of a known drug dealer. Reasonable suspicion to stop and question them maybe, but enough probable cause to get a search warrant? I would suggest yes. If they know for instance that you accessed a cp site, that would be a strong suggestion that you would have cp on your computer after all, why would you be accessing the cp website if not to get cp?
According to Wikipedia, a Federal investigation into Texas based Landslide Productions yielded a user database with ,00 names of which 35, were U. S residents. Of the 35,, a portion were selected to receive invitations to purchase illegal material by mail. The results of this subsequent sting yielded search warrants and arrests. It would seem that an IP and MAC address are slight evidence when compared with the credit card and business records found in the Landslide investigations.
On the other hand, is this exploit something a U. I am a US lawyer at least by education and historical avocation. The NSA can and does intercept all international traffic. We have a constitution in our country the US , but outside the US different countries are organized under different rules.
And, international communications are essentially subject to no rules. It gets worse. If they give information lawfully collected in an international communication to the FBI, the FBI can use it against you. Why would they need a warrant? Earlier in this thread somebody mentioned WiFi. Are you nuts? Anything you put out using WiFi or other frequencies of the electromagnetic spectrum - including use of your cell phone and its geolocation - is fair game.
The long-standing principle is that "the airwaves belong to the people" codified in the Communications Act of And, you may remember a famous speech in US history about our government being "of the people, by the people, and for the people. Thus, the government "of the people" should be able to listen to anything on the airwaves they own.
Sounds strange, huh? This is very different from breaking into the house of a suspect to install a surveillance device. That does require a warrant because the Fourth Amendment protects "the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures" without a warrant. An off-shore server is not the "house, papers or effects" of a US citizen or a citizen then-subject to US law.
Try moving to Russia and setting up a server hosting comments critical of Vladimir Putin. See how far your protest for a US warrant gets you. Even a visit to tormail front page could lead you to a raid or a surveillance? Hi Arma, Thanks for your replies. You are amazing for replying so quickly in these trying times for privacy and anonymity.
Has TOR thought of adopting more advanced header analysis and inbuilt firewall system, that will actively parse and analyze for hack attempts. Have you thought of upgrading the TOR Browser bundle so that it will act also as a comprehensive firewall like Comodo firewall? You need to block this in your firewall! Does this mean that if we have a tormail email account our emails can now be read.
Will tor email ever be back? You have to assume that all emails on Tormail are now in the hands of LEA. It could have been the primary target and all the sloppy CP bust exploit could be just a coverup. Nobody talks about Tormail - the real issue here, but everyone talks about a few busted pedos. What they really bust is Tormail, used by whistle blowers and activists.
They want to get to those who are anti government and pro people, like wiki-leaks supporters. Taking down a few CP sites that only had links and have already been partially restored on safe servers, is just a media attention catcher. Yes the primary target of the NSA was tormail. This cannot be repeated enough! Of course there is the chance to find out lots of other potentially useful info that could come from nation actors of every nation who might happen to use tormail. The secondary target was fear.
They have aimed for some time though using various stories of busts where TOR was not actually the determining factor to scare people away from TOR and any other anonymous network. Projects like TOR are quite useful to their own people and probably even more useful to the CIA yet to them it is extremely dangerous in the hands of the average citizen or a whistle-blower. With this operation - they have achieved both major goals. The U. It is a venture capital company that funds start-up technology companies developing technology of value to intelligence gathering.
Two things to keep in mind:. In-Q-Tel is NOT the only company in the venture capital world that invests in the information technology surveillance space. There are plenty of others. I know this is hard to believe, but start-up enterprises desperate for sales are not terribly discerning about whom their customers are. If you have a Facebook account, why would you ever use Tor? Tor mail was the target. ROK censors the Internet, and censors the news.
Except for information she received from me some of which was classified and identified as such with instructions not to distribute it further , she knew very little. The international student organization that sponsored her study there was also kept apprised with the classified intel left out.
There were a few hairy days. But, fortunately, they passed uneventfully. It would be nice to be able to confirm that she is safe. KCIA will want to get me, again. I expect them any time. You should worry about everything that you should normally worry about on the Internet.
Most of the recommendations in the advisory still apply, now and in the future. Well tor is totally safe anymore. Who knows what's next on the javascript exploits list? In the meantime, any alternatives to tormail are welcome, since tormail won't come back up anytime soon. Is the tor mail data center compromised now and is a LEA looking through those mails already? There are some steps you can take to protect yourself even more from similar attacks, but a typical VPN service or a proxy is not one of those steps.
Am I correct? Wrong, see post above. That is not how it works. If you have a dedicated tor proxy which only allows traffic to go over the tor network then there is no way that the script could have circumvented that. Same situation if you setup a vpn the api called respects the routing table and therefore would have used the vpn connection.
Can you please explain in detail how the exploit gets your actual ip address regardless of using a VPN rather than just saying it does? It reads it from Windows network stack, then sends it over browser-independent connection. If you use VPN, transparent Tor, etc it is just a communication channel for delivery. Like a raindrop, no matter how many clouds are in way, it reaches the ground.
Since Tor Mail was extremely popular with drug dealers and financial fraudsters I would say yes LEA are looking through the emails. CP, drug deals and financial fraud are only covers. Like catching whistleblowers who reveal their secret plans and illegal schemes. What else can we use now to communicate without being spied upon? Tormail was the place to go.. Soon they will call you a pedophile or terrorist, if you use PGP or any sort of encryption at all.
TorMail is an interesting issue here. The almost certain fact is that existing accounts are in the hands of FBI. So technically, TorMail could resume as soon as they find a new service provider. They could continue under the name of TorMail, or they could use any other name, in order to not be associated with the compromised old accounts. Or FBI could start their own anonymous mail service under a different name.
The crucial point is that we will have no way to tell which is true. TorMail could have been hostile, bribed, or hacked. Same about FH. If you let your real-world id slip, you are doomed either way. The fact that hidden services was constructed specifically to hide the identity of both ends of the connection makes it amazing that Torproject did not take steps to protect users from malicious hidden services by disabling javascript by default on onion domains. It should give more than a few people pause to consider that both torproject and TAILS, by default, do not enable javascript blocking AND both software suites direct the browser on load to a page that could be compromised in the exact same manner as sites on FreedomHosting were.
I understand that to a certain extent you must trust the project developers not to backdoor your software, but I see no reason why every time I load the software I am asked to trust their website. Basically, the address No, NSA gathers electronic intel -- mostly tracking terrorists.
IP-to-whatever databases are notorious for being inaccurate. There is no doubt about that now. If it were hackers, they would announce it on day 1. They would also inject a virus with the payload. They can keep the collected data for years to come, watch the suspects, and strike at any time they see fit. Especially if Tormail was the primary target, they will not issue any official announcements and everyone will forget about it.
How about instead of treating everyone as a suspect, stop invading other countries and kill their children? It really is that simple. And stop spying on the world. If I had version No, the exploit requires Javascript to work. If Javascript was disabled, as it should have been in the first place, there is no chance it could have worked. For TBB 2. Although it was patched on June 26, it may well have been happening for quite some time before that.
Quite some time before you all updated to Yes you are safe NOW from this particular exploit if you have Sources on the reported exploit execution dates, please? On a related sidenote, I understand most or at least many people who were subjected to this exploit experienced a browser crash. One would think these crashes would have been reported during all of July if the exploit had been in effect "silently" from way beyond the fixed update on the 26th of June.
I have an interesting question. There are a bunch of bugs in Firefox that can cause unrelated crashes. Assuming you had javascript disabled, your crash was probably something unrelated. As far as we know currently that is. And one of those patches could have caused the crash too. I was using Tails and the 1st thing I do is disable JS. This happened on the 4 I believe. Also running the most recent Tails distro. Would it make a difference if Javascript was enabled globally and Iframes were disabled on all sites via NoScript?
Stupid question. So if I did this a few times over the last couple of weeks I should have used the last version every time, and should be safe even with JS enabled right? Be sure to check the signature each time you download it. Not happening. It is a ridiculous suggestion. Plus PGP software for windows does exist, despite your comment suggesting otherwise. It could be easier to use, but a particular piece of software for a platform is not indicative of any problems or benefits of that platform.
Truth is we have more software choices for just about everything on Windows. The thrust of my position is that security is an absolute property that must be designed in from the beginning, coded with care, and enforced throughout the software development lifecycle. This embodies a set of issues that are orthogonal to whether the source code is open or not -- it depends on training, design, and use of appropriate tools.
Thus, the nature of whether code is produced in an open or proprietary manner is largely orthogonal to whether the code and encompassing system should be highly trusted. Each side makes arguments and refutes the arguments of others. In truth, neither is correct or both are.
Whether or not source is proprietary does not determine if the software is better. A famous Spaf quote: "The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts.
If you want to rectify that, for starters please cite a URL that fits that criterion. Be constructive. Yes indeed. If I was using 2. Was I injected? Switching away from windows because there is a security issue in the software YOU use. Forget it, I will no longer support you. You are nothing but Microsoft hating geeks. Even if everyone switched to Macs, this exploit still would have worked because it allows execution of whatever code the exploiter wants to put in there.
They could have written Mac specific code if they had wanted. Would having only Tor allowed to access the net in my Windows firewall settings not even DNS is allowed through block this attack? How likely are the ramblings of the guy saying he runs exit nodes and embedded the exploit in random traffic?
Yes you would have been safe from this exploit. Make sure only a user with admin rights is able to turn the FW off. The payload itself was extremely straightforward - a 5 year old could have written it. If they are dynamic and logged at the FH servers then it is not possible to "poison" the database.
Forgot to mention that as an exitnode operator he would not be able to "accuse" real tor users because he cannot know their ip addresses. If Tor. The real solution is to install tor in a virtual machine with a new Windows installation, then take a snapshot after you install TBB on it, and have it restore to the snapshot after EACH use. If you feel as if you may have been compromised, what should you do?
Well, it just means your IP and MAC address as well as proof of what exploited site possibly page you visited is on a U. Only you know what pages you visited and what would happen if the U. So users need to have a way of finding out if they have been compromised. Anybody else remember when the default settings for NoScript in TorPark had "allow scripts globally" set to on?
Please show me one. Also, seriously, TorPark? That brings me back. Hi - I was one of the unfortunate ones that tried to login to tormail and got the error system maintenance, please check back in a few hours. I got that error about times as I kept trying to login. I had Javascript enabled and was running the torbrowser bundle with Firefox But there are other vulnerabilities in Question: in the advisory it is recommended to use RequestPolicy. I never used Tor on my actual machine; it was always on a virtual machine And I wonder Then, you can use java, flash, or whatever.
Your real mac never connected to the router, the live system leaves no trace, the encrypted flash unit is in your rectum, or another safe place. Yes, might be slower than your own connection. Another noob question. Java, or did you mean JavaScript? Used by whom to spoof your IP to whom?
Have an older version of TBB maybe updated last year on my laptop I use only when my work computers are down. I am sure that it has the version exploit could run on. I last used it mid July but always set the button to no scripts s tab with blue cross out for fear of adware and viruses. Not sure if I visited any of those freedom host things, I know I didn't get anything saying down for maintenance. Did the malware only take advantage of stupid people with their scripts left on or did it affect those with even the no script turned to block all?
Could someone with knowledge respond? The exploit payload used Windows-specific code. The language is simply too complex and it is just too easy to fuck something up. This is not a matter of "being good coders", this is really a matter of a programming language that makes it too easy to screw something. It is clear by now that this is becoming an emergency. What I propose here is to write a custom web browser in Go for instance that supports only basic HTML and CSS and that relies only on Go libraries and to make it the tor-browser.
My proposal could be extended to Tor itself in order to prevent exploits in it too. Here is another scenario. But you need JS for some reason and forget to disable it again. Then a few days ago you load up your now outdated and vulnerable TBB to find most FH sites are down or act weird. You go to legal but infected onions on FH or Tormail with the maintenance message, and BAM they have your real ip, mac, host. They know what site you have visited by sending not only MAC and hostname but also some sort of generated ID from the site.
Does it disable anything else? Restoring NoScript to the default setting of blocking scripts globally may be the preferred option. You can control this feature toggling the noscript. And similarly, many non-OS apps? The idea that MAC correlation to IP and other fingerprint data is some closely guarded secret in this age The whole point of using tor is to stay anonymous, if people want easy access to the net they would use IE instead.
Are they paid by you know who to keep the backdoor open? This is evidenced in a lot of the choices they have made: quick circuit rotation (even much quicker in the past at 30 seconds, raised only to reduce load on the network too), a suggestion to leave javascript enabled to reduce browser fingerprinting despite opening you up to an entire class of hacking techniques that could deanonymize you, etc.
Tor developers have a different threat model in mind than a majority of their users do. They also are very concerned about getting as many people using the network as possible, and will sacrifice security for usability. This also contributed to their choice to leave javascript enabled. It also contributes to their choice to give you three entry guards even though you are much more secure with a single entry guard or possibly two. It is also why entry guards rotate so much. So pretty much we have a few issues.
The first issue is that our threat model is not the same threat model as the Tor people are focusing on. The second problem is that they have taken to pandering to idiots. The third problem is that they have taken to pandering to people who want to watch cat videos on youtube. Defend yourself against network surveillance and traffic analysis.
Many web sites load javascripts from ajax. What is so hard to have it disabled by default and only enable it when you really need them? By enabling javascript by default they are tricking those non tech savvy people into leaking information to everyone out there.
Yeah you have a good point actually. The Tor developers' reason for turning javascript on actually makes no sense at all. So pretty much their entire defense of turning javascript on has crumbled. Right, Tor is a specialized tool to ensure privacy, that is its core function, its sole reason for existence.
The Torproject team should make it easy for people to maintain privacy, not make it easy for people to watch youtube. That means disabling javascript by default, not the other way around. Using this proxy safely, for browsing, introduces a world of new headaches. And keep in mind that TBB is relatively new compared to the Tor program itself.
See the end of the advisory for links to approaches that can make this better. And then help us do it! Great job guys!! The only safe way now is to install a new and clean windows in virtualbox, then install TBB, after that take a snapshot of the virtual machine, so you can restore it to a brand new state after each shutdown.
The user base for Tails is not large enough to detect hidden backdoors. Not many Tor users are Windows experts I bet. For this alone-- the glaring contradiction and the lack of any response to it thus far from anyone at the Tor Project despite numerous other comments being posted by arma in the time since I pointed-out the contradiction -- people should be alarmed and demanding an explanation, regardless of where anyone may stand on the question of JavaScript itself.
No kidding. I want to switch to Chrome, but it still has some enormous privacy vulnerabilities that are unfixed and unfixable using the APIs provided. Out of curiosity, are there plans for a completely sandboxed bundle using an encrypted virtual machine without direct network access?
There are a number of open-source VMs, and you could run a very minimalist distribution of linux inside the VM to cut down on image size. The only multi-platform code to maintain would be the TOR binary (already ported), the VM, and whatever network rules are used to refuse the VM external access. Being a single browser hole away from complete de-anonymization is a completely untenable situation.
If you want to get the extra credit, you could run two VMs, and put the Tor client plus some good iptables rules in the second one. As long as the demand is there people will come up with something. Arma, whoever you are, thanks for being there and for bringing a little sanity to this issue.
Your efforts are appreciated. Did investigate in cookie mechanisms because I remember seeing a cookie N-serv once without having any JS functionality enabled. This is possible as cookies can be generated via HTTP alone. I can imagine that this cookie even with that name was generated maybe to track my browser history. But without JS enabled there is no known mechanism yet that the real IP can be sent out. What would make it less vulnerable I think if Tor - Firefox can be patched to only be able to send out requests through TOR.
If I understand it correctly in this case the exploit did send out info through clearnet. Strange to hear that in GB the police can force you to reveal the PW of a container. How do they detect that a certain file is a container I use TC? No one has an answer for that. See above comments about VPNs too. The Javascript also makes the browser crash and exit, after executing the payload.
Sooo, how can we tell which dark sites are hosted with Freedom Hosting before we click on them? Say if they come back online under the FBI control and who knows what sort of codes injected into them for track and trace.
A question please. I downloaded TBB version 2. Please correct me if I missed something. Thanks for the reply Arma. So my conclusion is that not all TBB 2. The real answer needs to be getting people off the "run an application in Windows and think it can possibly be secure" model. For a bunch of people who surf onion sites, there seem to be an awful lot of paranoid people here. Methinks perhaps your Tormail and surfing activities might be a little questionable huh?
Particularly if you used Freedom Hosting which was basically a disguise for CP. Well, there is a lot of fear flowing through every single post around this issue since it came out to light. This is causing doubleposting asking the same questions again and again First, let's calm our minds Second, let's stick to the source Tor developers are our best source of information If it is said that using the latest bundle keeps us safe regardless of the javascript configuration on FireFox nor in the NoScript We need to avoid the path to the paranoia and in the way getting others paranoid Third, people here are very worried since some of them were sneaking in illegal sites that they are unmistakably going to jail because of that I cannot but see a pattern there Fifth, yes Tor has absorbed the hugest hit in its history I have less than a month using Tor and what brought me here is that I felt sick of the Snowden revelations about how the espionage has no limits Tor is under attack and depends on us this project survives Clarification required please - It says on this site that TBB 2.
I downloaded 2. Is my TBB vulnerable? The advisory recommends "you might like" the Request Policy add-in to improve security. The advice that appears on the download page, however, discourages us from installing add-ins to the Tor browser. I am running Firefox ESR When I go to Help About and press the "Update" button, the message that returns says that I have the current version. Yet this advisory refers to a later version of the browser as the current one. What am I missing?
A message like "Your system seems to support the NX bit but it is currently enabled only for Windows Services, you should enable it for all the programs in order to avoid running exploits which could deanonymize you". At what date was the malicious code placed onto the Freedom Hosting sites? How long had it been there before it was detected? As far as I know from what I have been reading is that it could be no less than 1 week but likely closer to 2 weeks before Aug 4th.
Could someone explain exactly what the exploit did? Did it just take over the browser, and deidentify the user, or did it compromise the machine completely? In principle, if you were running Firefox older than In practice, in this specific case it seems that only Windows users were affected. The code that they chose to run was a program which grabbed the name of your computer and the MAC address of its network adapter, and sent these over a non-Tor connection to an as yet unknown server somewhere in the USA.
Since at the same time the exploit installed a tracking cookie, anyone who was vulnerable to the exploit and who browsed Freedom Hosting sites while they were up should assume that whoever the attacker is has your IP address, the hostname of your computer, its MAC address, and a list of the pages you visited, and when. However, you should be aware that the exploit code is now public, and in principle anyone could install it on their website and try to use it to unmask Tor users.
If someone had not updated TOR since May and erm java was enabled. They also had some incriminating evidence on tormail. I would tell that person not to worry at this point, because the exploit only tells the U. However U. If obfsproxy clients with TBB had been affected by the exploit, did their requests to my machine bridging to Tor network expose my ip and MAC address?
You are asking whether vulnerable TBB users who configured their TBB to use your bridge would end up running code on your bridge? Thanks for reply. I meant exactly what you interpreted. Hi you all there. I have two questions What do you think about using tor not just with the bundle but route the whole pc traffic through it? What are cons and pros? I mean So no whistleblowing, hidden services or something. People who have "nothing to hide" but are not so stupid to give away their privacy to some pigs.
And the second For example installing tor on dd-wrt router so all the OS built-in malware couldn't bypass tor so easily. I'm no tech pro so maybe it's a bit stupid question Tails used to route all traffic into Tor by default. They changed their policy a year or two back, to configure the proxy settings on all applications that they knew would talk safely through Tor, and set the firewall rules to drop all other connections.
I think I understand So if I would like to use my day to day linux install with tor I would need to set all applications to tor. But what about the idea setting my dd-wrt router to work with tor? I mean Is something like this possible? Am I compromised? So no, if you have Firefox If maybe arma could confirm this, but from my understanding, in firefox Visiting one of the infected web pages would produce an XML Parsing error, where if you had a vulnerable browser but had JS disabled in either the browser settings or noscript.
You would have seen "down for maintenance" page, but due to JS being off the code would not be able to run. But we need one that competent Tor people will contribute to regularly, or it will just be a bunch of wrong users being wrong at each other. I have no idea what torforum. I hope you're not suggesting that people use TOR to login to sites like Facebook, yahoo? I don't care about FBshit Why darknet only? Isn't the diversity of users the main pillar for privacy by design here?
Ignore the post above yours. Tor is designed to be used on clearnet to allow you to browse the internet anonymously. Probably the majority of users use it that way, to visit regular websites. That is why they leave javascript on by default. Plenty of people use Tor to log in to Facebook. Also, there are whole countries where Facebook is blocked, and many tens of thousands of people use Tor to reach it anyway. As I understand it, this code sends the collected information over a non-Tor connection to the internet, and TAILS supposedly blocks all non-Tor connections to the internet.
Or would it be possible to get around that blocking? In Tails it would have been blocked by iptables rules, however even if Tails is a lot more well structured for anonymity purposes than Windows no system is safe when an attacker can execute some arbitrary code on your machine. If you got the "Sorry, This server is currently offline for maintenance" message when visiting an infected site does that mean you have been exposed or would everyone have seen the message even if their setup was safe from the exploit?
Everyone would have seen the "offline for maintenance" message when the sites were down because, well they were down :- no matter whether you had a vulnerable browser or not. Am I going to prison? The simple answer is YES!!!
That means that you are almost certainly a Progressive Democrat, possessed of Relative Morality, which means that we can get along without your presence quite nicely. Simply putting so much emphasis on one medium of distribution media delivered via the internet suppresses and ignores what is going on all around us.
Really, its a snap shot of a reality that is part of the fabric of society. Destroying the evidence of it in one aspect does nothing to address it. Even if we were to imagine that we wiped out every single cache available online, it ignores that one of the most vulnerable segments of our population is still being exploited. The lopsided nature of policies targeting people that consume the media vs people who actually engage in abuse belies this.
I am fairly certain that at least one child-rapist is now, finally, behind bars as a direct result of evidence I saw at a "pedo"-oriented site and acted-upon. Yet, both myself as well as the people who cooperated with me put ourselves at risk in coming forward and presenting the evidence. What is your agenda here?
Your claim is as silly and misinformed, as saying that all love between man and woman is limited exclusively to him sodomizing her and nothing else. The love referred in the quotes above is what it should be - admiration, emotional comfort, having feelings to each other. But sex is not required for love. Try to say the same about black people or women, that they only rape each other and know no love.. Neither do the people you accuse, in most of the cases. Is there any reliable information on what date the exploit could have been online for the first time?
Where did 2 weeks before 4th August info come from? Can the original poster provide a link? The exploit caused browsers to crash out, so I guess it can't have been too far in the past. When did Tormail users start spotting issues? Interesting coincidence that the big terror alert in Yemen coincided with the Tor exploit.
All the talk is about CP sites.
Hi RGraham, I appreciate your comment. Can you help me? Why close this question?
Please tick my answer as the best answer if it helped you : — Chris Dennett.
How can I start Tor service? I just find how to install Tor Browser on Linux torproject.
Free. Windows, Mac OS, Linux, Android. sky-site.ru Is a project that provides an end-user browser, a Java library and additional Java security tools to easily access anonymity networks such as the Tor (sky-site.ru) network. Secure and.
Hi, is it safe to allow javascript on sky-site.ru to be able to download files from there? ("safe" = won't leak my IP address).
Articles that do not mention Tor are usually off-topic; /r/Tor is not for general news about privacy or security.
You can type in "about:config" in Tor browser, then search for Java, and double-click it to enable it. This is fairly well documented. That said, if you're going to enable Java, then why bother using Tor at all???