Half of all Tor sites compromised, Freedom Hosting founder arrested.

[Zotia]

http://www.twitlonger.com/show/n_1rlo0uu

Freedom Hosting was a Tor hidden service, just like the Silk Road.

[1714728347]

1714728347

[1714728347]

1714728347

[1714728347]

1714728347

[ElectricMucus]

Hmm to be honest I haven't realized the magnitude. What happened exactly?

Was this strictly a client side exploit or was something used to reveal the real ip of the server?
The way it seems, people should probably stop from using SR for a while, at least until there is more information on the exploit that was used.


So yes, in contrast to my previous assessment this might really spark some panic regarding SRs future and so the price of Bitcoins.

[humanitee]

Hmm to be honest I haven't realized the magnitude. What happened exactly?

Was this strictly a client side exploit or was something used to reveal the real ip of the server?
The way it seems, people should probably stop from using SR for a while, at least until there is more information on the exploit that was used.


So yes, in contrast to my previous assessment this might really spark some panic regarding SRs future and so the price of Bitcoins.

Somehow they got the IP of the server and put the 0 day exploit up to track the users who were going on the site. That's IF the account of the story is real.

My guess is the guy fucked up and got compromised somehow. Nobody knows at this point, even the TOR people are waiting to hear.

All users would have been safe if they would have disabled javascript. God damn noobs.

[ElectricMucus]

Somehow they got the IP of the server and put the 0 day exploit up to track the users who were going on the site. That's IF the account of the story is real.

My guess is the guy fucked up and got compromised somehow. Nobody knows at this point, even the TOR people are waiting to hear.

Well whoever knows the facts in that regard first will have the advantage.

[vokain]

this should only help decentralization

[BitCoiner2012]

So to what extent, based on this report, can we expect Tormail to have been compromised? Only during this event or, in fact, all information is now compromised on TOrmail for example?

[fr33d0miz3r]

So to what extent, based on this report, can we expect Tormail to have been compromised? Only during this event or, in fact, all information is now compromised on TOrmail for example?

yep, maybe

[BitCoiner2012]

So to what extent, based on this report, can we expect Tormail to have been compromised? Only during this event or, in fact, all information is now compromised on TOrmail for example?

yep, maybe

Isn't that.. tremendously awful?

[Melbustus]

So to what extent, based on this report, can we expect Tormail to have been compromised? Only during this event or, in fact, all information is now compromised on TOrmail for example?

yep, maybe

Why not just use BitMessage:
https://bitcointalk.org/index.php?topic=226770.0

[01BTC10]

Hmm to be honest I haven't realized the magnitude. What happened exactly?

Was this strictly a client side exploit or was something used to reveal the real ip of the server?
The way it seems, people should probably stop from using SR for a while, at least until there is more information on the exploit that was used.


So yes, in contrast to my previous assessment this might really spark some panic regarding SRs future and so the price of Bitcoins.

Somehow they got the IP of the server and put the 0 day exploit up to track the users who were going on the site. That's IF the account of the story is real.

My guess is the guy fucked up and got compromised somehow. Nobody knows at this point, even the TOR people are waiting to hear.

All users would have been safe if they would have disabled javascript. God damn noobs.

That's why Whonix seem pretty safe. It use one virtual machine as a proxy to Tor and a second one for browsing and doing stuff. The second virtual machine only has connectivity to the first virtual machine so IP address can't leak even when compromised.

[humanitee]

I don't think it's going to be too bad. Apparently Tormail went down sporadically over the past few weeks and when it did, it did not coincide with Silk Road also going down.

The only people this will affect are people who didn't encrypt all their shit, as they should have been doing.

That's why Whonix seem pretty safe. It use one virtual machine as a proxy to Tor and a second one for browsing and doing stuff. The second virtual machine only has connectivity to the first virtual machine so IP address can't leak even when compromised.

Sweet!

[crumbs]

All users would have been safe if they would have disabled javascript. God damn noobs.

As far as i know, both win & nix bundles (noob-friendliest) come witbyh *everything* disabled in default config.

[01BTC10]

All users would have been safe if they would have disabled javascript. God damn noobs.

As far as i know, both win & nix bundles (noob-friendliest) come witbyh *everything* disabled in default config.

Not JS.  

https://www.torproject.org/docs/faq.html.en#TBBJavaScriptEnabled

[fr33d0miz3r]

https://blog.torproject.org/blog/hidden-services-current-events-and-freedom-hosting

From what is known so far, the breach was used to configure the server in a way that it injects some sort of javascript exploit in the web pages delivered to users. This exploit is used to load a malware payload to infect user's computers. The malware payload could be trying to exploit potential bugs in Firefox 17 ESR, on which our Tor Browser is based. We're investigating these bugs and will fix
them if we can.

[crumbs]

All users would have been safe if they would have disabled javascript. God damn noobs.

As far as i know, both win & nix bundles (noob-friendliest) come witbyh *everything* disabled in default config.

Not JS.  

https://www.torproject.org/docs/faq.html.en#TBBJavaScriptEnabled

Whoops--sorry, you're right.  
/off to check the the box
Edit: lol, everything was disabled but i obviously should crime more -- older version of ff.

[cedivad]

Most interesting reading in a while, thanks.

[adamstgBit]

Time to buy NameCoin 

[fr33d0miz3r]

Time to buy NameCoin  

why? namecoin is not a hosting.

[adamstgBit]

Time to buy NameCoin  

why? namecoin is not a hosting.

dencentralized domain name service .bit

[humanitee]

dencentralized domain name service .bit

I wish it were that easy. Tor != namecoin