Bitcoin Forum
November 18, 2024, 04:12:25 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 »  All
  Print  
Author Topic: Half of all Tor sites compromised, Freedom Hosting founder arrested.  (Read 5091 times)
Zotia (OP)
Hero Member
*****
Offline Offline

Activity: 686
Merit: 501


TokenUnion-Get Rewarded for Holding Crypto


View Profile
August 04, 2013, 11:38:07 PM
 #1

http://www.twitlonger.com/show/n_1rlo0uu

Freedom Hosting was a Tor hidden service, just like the Silk Road.


▄████████████████████████████▄
██████████████████████████████
███████                ██████
███████                ██████
███████▄▄▄▄▄▄    ▄▄▄▄▄▄███████
███████▀▀▀▀██    ██▀▀▀▀███████
███████    ██    ██    ███████
███████    ██    ██    ███████
███████    ██    ██    ███████
███████    ██    ██    ███████
███████    ██    ██    ███████
███████    ▀██▄▄██▀    ███████
███████▄     ▀▀▀▀     ▄███████
████████▄            ▄████████
██████████▄▄      ▄▄██████████
██████████████████████████████
▀████████████████████████████▀
.
.TokenUnion.










Reinventing Savings via Cryptoeconomically
Incentivized Holding

    ████▄▄▄
   ██  ▀▀▀████▄▄▄
   ██        ▀▀▀███▄
  ██     ▄██▄     ██
  ██     ▀██▀     ██
 ██   ███▄▄▄     ██
 ██     ▀▀▀███   ██
██   ███▄▄▄     ██
██     ▀▀▀███   ██
▀███▄▄▄        ██
   ▀▀▀████▄▄▄  ██
         ▀▀▀████
WP
■  Telegram     ■  Github
            ■  Reddit     ■  Twitter
ElectricMucus
Legendary
*
Offline Offline

Activity: 1666
Merit: 1057


Marketing manager - GO MP


View Profile WWW
August 04, 2013, 11:42:01 PM
 #2

Hmm to be honest I haven't realized the magnitude. What happened exactly?

Was this strictly a client side exploit or was something used to reveal the real ip of the server?
The way it seems, people should probably stop from using SR for a while, at least until there is more information on the exploit that was used.


So yes, in contrast to my previous assessment this might really spark some panic regarding SRs future and so the price of Bitcoins.
humanitee
Hero Member
*****
Offline Offline

Activity: 1302
Merit: 502



View Profile
August 04, 2013, 11:53:11 PM
 #3

Hmm to be honest I haven't realized the magnitude. What happened exactly?

Was this strictly a client side exploit or was something used to reveal the real ip of the server?
The way it seems, people should probably stop from using SR for a while, at least until there is more information on the exploit that was used.


So yes, in contrast to my previous assessment this might really spark some panic regarding SRs future and so the price of Bitcoins.

Somehow they got the IP of the server and put the 0 day exploit up to track the users who were going on the site. That's IF the account of the story is real.

My guess is the guy fucked up and got compromised somehow. Nobody knows at this point, even the TOR people are waiting to hear.

All users would have been safe if they would have disabled javascript. God damn noobs.

▄▄▄██████▄▄▄
▄███▀▀▀▀▀████▄▄ █▄▄
▄▄          ▀▀████▄  ██▄
█████▄            ▀█████  ██▄
▄█████████           ▀█████ ███▄
▄█████████▀▀           ▀█████ ███▄
▄███  █████             ▀█████ ████
███  █████                █████ ████
███ █████                  ████  ████
███ █████                ▄████  ████
███ █████                ███████████
▀██ █████▄                █████████
▀██ ██████▄                ▀█████
▀██ ███████                  ▀▀▀
▀██ ██████▄▄                 
▀██ ██████▄▄▄▄▄▄▄▄▄▄▄▄███▀
▀▀ █████████████████▀
▀▀▀██████▀▀▀▀

Fast, Secure, and Fully

DecentralizeTrading
BACKED BY:
─────────────────────────
BINANCE
─────── LAB
&█████████████████████████████████ █  ███
█▀    ▀█  ███▀▀▀▀▀████████  ████▀▀███▀ █
█  █████    ▄▄▄▄▄  █  ▀  █    ███  █  ██
█▄    ▀█  ██       █  ▄███  ██████   ███
█████  █  ██  ███  █  ████  ████  ▄  ███
█▄    ▄█▄  ▄█▄     ▀  ████▄  ▄█   ██  ██
████████████████████████████████████████


  Whitepaper
 Medium
Reddit
ElectricMucus
Legendary
*
Offline Offline

Activity: 1666
Merit: 1057


Marketing manager - GO MP


View Profile WWW
August 05, 2013, 12:04:33 AM
 #4

Somehow they got the IP of the server and put the 0 day exploit up to track the users who were going on the site. That's IF the account of the story is real.

My guess is the guy fucked up and got compromised somehow. Nobody knows at this point, even the TOR people are waiting to hear.

Well whoever knows the facts in that regard first will have the advantage.
vokain
Legendary
*
Offline Offline

Activity: 1834
Merit: 1019



View Profile WWW
August 05, 2013, 12:05:59 AM
 #5

this should only help decentralization
BitCoiner2012
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250



View Profile
August 05, 2013, 12:08:21 AM
 #6

So to what extent, based on this report, can we expect Tormail to have been compromised? Only during this event or, in fact, all information is now compromised on TOrmail for example?

BTC Long.
fr33d0miz3r
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
August 05, 2013, 12:08:54 AM
 #7

So to what extent, based on this report, can we expect Tormail to have been compromised? Only during this event or, in fact, all information is now compromised on TOrmail for example?

yep, maybe
BitCoiner2012
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250



View Profile
August 05, 2013, 12:10:01 AM
 #8

So to what extent, based on this report, can we expect Tormail to have been compromised? Only during this event or, in fact, all information is now compromised on TOrmail for example?

yep, maybe

Isn't that.. tremendously awful?

BTC Long.
Melbustus
Legendary
*
Offline Offline

Activity: 1722
Merit: 1004



View Profile
August 05, 2013, 12:15:12 AM
 #9

So to what extent, based on this report, can we expect Tormail to have been compromised? Only during this event or, in fact, all information is now compromised on TOrmail for example?

yep, maybe


Why not just use BitMessage:
https://bitcointalk.org/index.php?topic=226770.0

Bitcoin is the first monetary system to credibly offer perfect information to all economic participants.
01BTC10
VIP
Hero Member
*
Offline Offline

Activity: 756
Merit: 503



View Profile
August 05, 2013, 12:15:37 AM
 #10

Hmm to be honest I haven't realized the magnitude. What happened exactly?

Was this strictly a client side exploit or was something used to reveal the real ip of the server?
The way it seems, people should probably stop from using SR for a while, at least until there is more information on the exploit that was used.


So yes, in contrast to my previous assessment this might really spark some panic regarding SRs future and so the price of Bitcoins.

Somehow they got the IP of the server and put the 0 day exploit up to track the users who were going on the site. That's IF the account of the story is real.

My guess is the guy fucked up and got compromised somehow. Nobody knows at this point, even the TOR people are waiting to hear.

All users would have been safe if they would have disabled javascript. God damn noobs.
That's why Whonix seem pretty safe. It use one virtual machine as a proxy to Tor and a second one for browsing and doing stuff. The second virtual machine only has connectivity to the first virtual machine so IP address can't leak even when compromised.
humanitee
Hero Member
*****
Offline Offline

Activity: 1302
Merit: 502



View Profile
August 05, 2013, 12:18:15 AM
 #11

I don't think it's going to be too bad. Apparently Tormail went down sporadically over the past few weeks and when it did, it did not coincide with Silk Road also going down.

The only people this will affect are people who didn't encrypt all their shit, as they should have been doing.


That's why Whonix seem pretty safe. It use one virtual machine as a proxy to Tor and a second one for browsing and doing stuff. The second virtual machine only has connectivity to the first virtual machine so IP address can't leak even when compromised.

Sweet!

▄▄▄██████▄▄▄
▄███▀▀▀▀▀████▄▄ █▄▄
▄▄          ▀▀████▄  ██▄
█████▄            ▀█████  ██▄
▄█████████           ▀█████ ███▄
▄█████████▀▀           ▀█████ ███▄
▄███  █████             ▀█████ ████
███  █████                █████ ████
███ █████                  ████  ████
███ █████                ▄████  ████
███ █████                ███████████
▀██ █████▄                █████████
▀██ ██████▄                ▀█████
▀██ ███████                  ▀▀▀
▀██ ██████▄▄                 
▀██ ██████▄▄▄▄▄▄▄▄▄▄▄▄███▀
▀▀ █████████████████▀
▀▀▀██████▀▀▀▀

Fast, Secure, and Fully

DecentralizeTrading
BACKED BY:
─────────────────────────
BINANCE
─────── LAB
&█████████████████████████████████ █  ███
█▀    ▀█  ███▀▀▀▀▀████████  ████▀▀███▀ █
█  █████    ▄▄▄▄▄  █  ▀  █    ███  █  ██
█▄    ▀█  ██       █  ▄███  ██████   ███
█████  █  ██  ███  █  ████  ████  ▄  ███
█▄    ▄█▄  ▄█▄     ▀  ████▄  ▄█   ██  ██
████████████████████████████████████████


  Whitepaper
 Medium
Reddit
crumbs
Full Member
***
Offline Offline

Activity: 210
Merit: 100



View Profile
August 05, 2013, 12:20:12 AM
 #12

All users would have been safe if they would have disabled javascript. God damn noobs.

As far as i know, both win & nix bundles (noob-friendliest) come witbyh *everything* disabled in default config.
01BTC10
VIP
Hero Member
*
Offline Offline

Activity: 756
Merit: 503



View Profile
August 05, 2013, 12:20:50 AM
 #13

All users would have been safe if they would have disabled javascript. God damn noobs.

As far as i know, both win & nix bundles (noob-friendliest) come witbyh *everything* disabled in default config.
Not JS.  Lips sealed

https://www.torproject.org/docs/faq.html.en#TBBJavaScriptEnabled
fr33d0miz3r
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
August 05, 2013, 12:22:28 AM
 #14

https://blog.torproject.org/blog/hidden-services-current-events-and-freedom-hosting

Quote
From what is known so far, the breach was used to configure the server in a way that it injects some sort of javascript exploit in the web pages delivered to users. This exploit is used to load a malware payload to infect user's computers. The malware payload could be trying to exploit potential bugs in Firefox 17 ESR, on which our Tor Browser is based. We're investigating these bugs and will fix
them if we can.
crumbs
Full Member
***
Offline Offline

Activity: 210
Merit: 100



View Profile
August 05, 2013, 12:24:41 AM
 #15

All users would have been safe if they would have disabled javascript. God damn noobs.

As far as i know, both win & nix bundles (noob-friendliest) come witbyh *everything* disabled in default config.
Not JS.  Lips sealed

https://www.torproject.org/docs/faq.html.en#TBBJavaScriptEnabled

Whoops--sorry, you're right.  
/off to check the the box Angry
Edit: lol, everything was disabled but i obviously should crime more -- older version of ff.
cedivad
Legendary
*
Offline Offline

Activity: 1176
Merit: 1001



View Profile
August 05, 2013, 12:26:04 AM
 #16

Most interesting reading in a while, thanks.

My anger against what is wrong in the Bitcoin community is productive:
Bitcointa.lk - Replace "Bitcointalk.org" with "Bitcointa.lk" in this url to see how this page looks like on a proper forum (Announcement Thread)
Hashfast.org - Wiki for screwed customers
adamstgBit
Legendary
*
Offline Offline

Activity: 1904
Merit: 1037


Trusted Bitcoiner


View Profile WWW
August 05, 2013, 12:39:02 AM
 #17

Time to buy NameCoin  Huh

fr33d0miz3r
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
August 05, 2013, 12:40:04 AM
 #18

Time to buy NameCoin  Huh


why? namecoin is not a hosting.
adamstgBit
Legendary
*
Offline Offline

Activity: 1904
Merit: 1037


Trusted Bitcoiner


View Profile WWW
August 05, 2013, 12:42:53 AM
 #19

Time to buy NameCoin  Huh


why? namecoin is not a hosting.

dencentralized domain name service .bit

humanitee
Hero Member
*****
Offline Offline

Activity: 1302
Merit: 502



View Profile
August 05, 2013, 12:44:20 AM
 #20

dencentralized domain name service .bit

I wish it were that easy. Tor != namecoin

▄▄▄██████▄▄▄
▄███▀▀▀▀▀████▄▄ █▄▄
▄▄          ▀▀████▄  ██▄
█████▄            ▀█████  ██▄
▄█████████           ▀█████ ███▄
▄█████████▀▀           ▀█████ ███▄
▄███  █████             ▀█████ ████
███  █████                █████ ████
███ █████                  ████  ████
███ █████                ▄████  ████
███ █████                ███████████
▀██ █████▄                █████████
▀██ ██████▄                ▀█████
▀██ ███████                  ▀▀▀
▀██ ██████▄▄                 
▀██ ██████▄▄▄▄▄▄▄▄▄▄▄▄███▀
▀▀ █████████████████▀
▀▀▀██████▀▀▀▀

Fast, Secure, and Fully

DecentralizeTrading
BACKED BY:
─────────────────────────
BINANCE
─────── LAB
&█████████████████████████████████ █  ███
█▀    ▀█  ███▀▀▀▀▀████████  ████▀▀███▀ █
█  █████    ▄▄▄▄▄  █  ▀  █    ███  █  ██
█▄    ▀█  ██       █  ▄███  ██████   ███
█████  █  ██  ███  █  ████  ████  ▄  ███
█▄    ▄█▄  ▄█▄     ▀  ████▄  ▄█   ██  ██
████████████████████████████████████████


  Whitepaper
 Medium
Reddit
Pages: [1] 2 3 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!