|
ElectricMucus
Legendary
Offline
Activity: 1666
Merit: 1057
Marketing manager - GO MP
|
|
August 04, 2013, 11:42:01 PM |
|
Hmm to be honest I haven't realized the magnitude. What happened exactly?
Was this strictly a client-side exploit or was something used to reveal the real IP of the server? The way it seems, people should probably stop using SR for a while, at least until there is more information on the exploit that was used.
So yes, in contrast to my previous assessment this might really spark some panic regarding SR's future and so the price of Bitcoins.
|
|
|
|
humanitee
|
|
August 04, 2013, 11:53:11 PM |
|
Hmm to be honest I haven't realized the magnitude. What happened exactly?
Was this strictly a client-side exploit or was something used to reveal the real IP of the server? The way it seems, people should probably stop using SR for a while, at least until there is more information on the exploit that was used.
So yes, in contrast to my previous assessment this might really spark some panic regarding SR's future and so the price of Bitcoins.
Somehow they got the IP of the server and put the 0 day exploit up to track the users who were going on the site. That's IF the account of the story is real. My guess is the guy fucked up and got compromised somehow. Nobody knows at this point, even the TOR people are waiting to hear. All users would have been safe if they would have disabled javascript. God damn noobs.
|
|
|
|
|
ElectricMucus
Legendary
Offline
Activity: 1666
Merit: 1057
Marketing manager - GO MP
|
|
August 05, 2013, 12:04:33 AM |
|
Somehow they got the IP of the server and put the 0 day exploit up to track the users who were going on the site. That's IF the account of the story is real.
My guess is the guy fucked up and got compromised somehow. Nobody knows at this point, even the TOR people are waiting to hear.
Well whoever knows the facts in that regard first will have the advantage.
|
|
|
|
vokain
Legendary
Offline
Activity: 1834
Merit: 1019
|
|
August 05, 2013, 12:05:59 AM |
|
this should only help decentralization
|
|
|
|
BitCoiner2012
|
|
August 05, 2013, 12:08:21 AM |
|
So to what extent, based on this report, can we expect Tormail to have been compromised? Only during this event or, in fact, all information is now compromised on Tormail for example?
|
BTC Long.
|
|
|
fr33d0miz3r
|
|
August 05, 2013, 12:08:54 AM |
|
So to what extent, based on this report, can we expect Tormail to have been compromised? Only during this event or, in fact, all information is now compromised on Tormail for example?
yep, maybe
|
|
|
|
BitCoiner2012
|
|
August 05, 2013, 12:10:01 AM |
|
So to what extent, based on this report, can we expect Tormail to have been compromised? Only during this event or, in fact, all information is now compromised on Tormail for example?
yep, maybe
Isn't that.. tremendously awful?
|
BTC Long.
|
|
|
Melbustus
Legendary
Offline
Activity: 1722
Merit: 1004
|
|
August 05, 2013, 12:15:12 AM |
|
So to what extent, based on this report, can we expect Tormail to have been compromised? Only during this event or, in fact, all information is now compromised on Tormail for example?
yep, maybe
Why not just use BitMessage: https://bitcointalk.org/index.php?topic=226770.0
|
Bitcoin is the first monetary system to credibly offer perfect information to all economic participants.
|
|
|
01BTC10
VIP
Hero Member
Offline
Activity: 756
Merit: 503
|
|
August 05, 2013, 12:15:37 AM |
|
Hmm to be honest I haven't realized the magnitude. What happened exactly?
Was this strictly a client-side exploit or was something used to reveal the real IP of the server? The way it seems, people should probably stop using SR for a while, at least until there is more information on the exploit that was used.
So yes, in contrast to my previous assessment this might really spark some panic regarding SR's future and so the price of Bitcoins.
Somehow they got the IP of the server and put the 0 day exploit up to track the users who were going on the site. That's IF the account of the story is real. My guess is the guy fucked up and got compromised somehow. Nobody knows at this point, even the TOR people are waiting to hear. All users would have been safe if they would have disabled javascript. God damn noobs.
That's why Whonix seems pretty safe. It uses one virtual machine as a proxy to Tor and a second one for browsing and doing stuff. The second virtual machine only has connectivity to the first virtual machine so the IP address can't leak even when compromised.
|
|
|
|
humanitee
|
|
August 05, 2013, 12:18:15 AM |
|
I don't think it's going to be too bad. Apparently Tormail went down sporadically over the past few weeks and when it did, it did not coincide with Silk Road also going down. The only people this will affect are people who didn't encrypt all their shit, as they should have been doing.
That's why Whonix seems pretty safe. It uses one virtual machine as a proxy to Tor and a second one for browsing and doing stuff. The second virtual machine only has connectivity to the first virtual machine so the IP address can't leak even when compromised.
Sweet!
|
|
|
|
|
crumbs
|
|
August 05, 2013, 12:20:12 AM |
|
All users would have been safe if they would have disabled javascript. God damn noobs.
As far as I know, both win & nix bundles (noob-friendliest) come with *everything* disabled in default config.
|
|
|
|
01BTC10
VIP
Hero Member
Offline
Activity: 756
Merit: 503
|
|
August 05, 2013, 12:20:50 AM |
|
All users would have been safe if they would have disabled javascript. God damn noobs.
As far as I know, both win & nix bundles (noob-friendliest) come with *everything* disabled in default config.
Not JS. https://www.torproject.org/docs/faq.html.en#TBBJavaScriptEnabled
|
|
|
|
fr33d0miz3r
|
|
August 05, 2013, 12:22:28 AM |
|
https://blog.torproject.org/blog/hidden-services-current-events-and-freedom-hosting
From what is known so far, the breach was used to configure the server in a way that it injects some sort of javascript exploit in the web pages delivered to users. This exploit is used to load a malware payload to infect user's computers. The malware payload could be trying to exploit potential bugs in Firefox 17 ESR, on which our Tor Browser is based. We're investigating these bugs and will fix them if we can.
|
|
|
|
crumbs
|
|
August 05, 2013, 12:24:41 AM |
|
Whoops--sorry, you're right. /off to check the box
Edit: lol, everything was disabled but I obviously should crime more -- older version of ff.
|
|
|
|
cedivad
Legendary
Offline
Activity: 1176
Merit: 1001
|
|
August 05, 2013, 12:26:04 AM |
|
Most interesting reading in a while, thanks.
|
My anger against what is wrong in the Bitcoin community is productive:
Bitcointa.lk - Replace "Bitcointalk.org" with "Bitcointa.lk" in this url to see how this page looks like on a proper forum (Announcement Thread)
Hashfast.org - Wiki for screwed customers
|
|
|
adamstgBit
Legendary
Offline
Activity: 1904
Merit: 1037
Trusted Bitcoiner
|
|
August 05, 2013, 12:39:02 AM |
|
Time to buy NameCoin
|
|
|
|
fr33d0miz3r
|
|
August 05, 2013, 12:40:04 AM |
|
Time to buy NameCoin
why? namecoin is not a hosting.
|
|
|
|
adamstgBit
Legendary
Offline
Activity: 1904
Merit: 1037
Trusted Bitcoiner
|
|
August 05, 2013, 12:42:53 AM |
|
Time to buy NameCoin
why? namecoin is not a hosting.
decentralized domain name service .bit
|
|
|
|
humanitee
|
|
August 05, 2013, 12:44:20 AM |
|
decentralized domain name service .bit
I wish it were that easy. Tor != namecoin
|
|
|
|
|
|