Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-09-14 Thread Asa Rossoff
I composed the following SOME TIME back! (must have been around the time of the Freedom Hosting initial revelations) -- it was never sent, so here it is. I don't have the dates, but this reply should get threaded properly... My reply is dated in the sense that it was based on info at the

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-07 Thread Jerzy Łogiewa
But this data is not useful for any but most advanced user. TBB should autoupdate for any nongeek user. I hope some safe way of this update exists. -- Jerzy Łogiewa -- jerz...@interia.eu On Aug 6, 2013, at 5:11 PM, CodesInChaos wrote: When the user's version is outdated you already display

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-07 Thread Nadim Kobeissi
On 2013-08-07, at 12:44 PM, Jacob Appelbaum ja...@appelbaum.net wrote: Bbrewer: We're understaffed, so we tend to pick the few things we might accomplish and writing such advisory emails is weird unless there is an exceptional event. Firefox bugs and corresponding updates are not

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-07 Thread Nadim Kobeissi
On 2013-08-07, at 12:58 PM, Jacob Appelbaum ja...@appelbaum.net wrote: Nadim Kobeissi: On 2013-08-07, at 12:44 PM, Jacob Appelbaum ja...@appelbaum.net wrote: Bbrewer: We're understaffed, so we tend to pick the few things we might accomplish and writing such advisory emails is weird

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-07 Thread Jacob Appelbaum
Nadim Kobeissi: On 2013-08-07, at 12:58 PM, Jacob Appelbaum ja...@appelbaum.net wrote: Nadim Kobeissi: On 2013-08-07, at 12:44 PM, Jacob Appelbaum ja...@appelbaum.net wrote: Bbrewer: We're understaffed, so we tend to pick the few things we might accomplish and writing such advisory

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-07 Thread Nadim Kobeissi
On 2013-08-07, at 1:05 PM, Jacob Appelbaum ja...@appelbaum.net wrote: Nadim Kobeissi: On 2013-08-07, at 12:58 PM, Jacob Appelbaum ja...@appelbaum.net wrote: Nadim Kobeissi: On 2013-08-07, at 12:44 PM, Jacob Appelbaum ja...@appelbaum.net wrote: Bbrewer: We're understaffed, so we

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-07 Thread Jacob Appelbaum
The advisory was about bug being exploited in the wild, so, yes. That was covered well in Roger's last email. I'm aware, I did read his email. I was just under the impression that you publish advisories about *vulnerabilities*, not about *exploits*. But perhaps you're teaching me (and the

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-07 Thread Claudio
On 08/07/2013 12:35 PM, Jacob Appelbaum wrote: The advisory was about bug being exploited in the wild, so, yes. That was covered well in Roger's last email. I'm aware, I did read his email. I was just under the impression that you publish

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-07 Thread Joseph Lorenzo Hall
On 8/7/13 9:22 AM, Claudio wrote: How about we stop this nonsense repetitive blame game and get back at proposing good practices for the future? Nadim, since you clearly admitted on the other thread from Shava that you're just campaigning a personal attack against Jacob, I'm not even

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-07 Thread Kyle Maxwell
Although I agree in principle (in the sense of friendly advice to Nadim), let's all just remember this same advice the next time Appelbaum goes on one of *his* tirades, shall we? Now returning to your regularly scheduled rants against The Man. On Wed, Aug 7, 2013 at 8:29 AM, Joseph Lorenzo Hall

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-07 Thread Crypto
On 8/7/2013 8:29 AM, Joseph Lorenzo Hall wrote: On 8/7/13 9:22 AM, Claudio wrote: How about we stop this nonsense repetitive blame game and get back at proposing good practices for the future? Nadim, since you clearly admitted on the other thread from Shava that you're just campaigning a

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-07 Thread Joseph Lorenzo Hall
little girls?! WTF On Wed Aug 7 09:37:55 2013, Crypto wrote: On 8/7/2013 8:29 AM, Joseph Lorenzo Hall wrote: I add my vote also. If you two want to fight like little girls that it off list. Continuing to SPAM the list with your constant bickering only increases your lack of credibility.

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-07 Thread Kyle Maxwell
Yay casual sexism... okay, everybody's had their say. I agree with Nadim's point, but he's made it already, and I agree with those who say it's time for us all to get back to work. It's a beautiful day here in Texas and I hope for the same for you all, wherever you are. I'll be getting back to

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-07 Thread Crypto
On 8/7/2013 8:49 AM, Kyle Maxwell wrote: Yay casual sexism... okay, everybody's had their say. I agree with Nadim's point, but he's made it already, and I agree with those who say it's time for us all to get back to work. It's a beautiful day here in Texas and I hope for the same for you

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-07 Thread Al Billings
No and no. It was an issue found by an external security researcher who has submitted a lot of issues to us over time. He found it through his process of investigation and reported it directly to us (responsible disclosure and such). It was a problem and we fixed it. The first indications of

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-07 Thread Yosem Companys
OK, everyone, let's try to cool it a bit. This discussion is extremely important, so let's not let it deteriorate into bickering. Otherwise, I'll have to moderate it, a task I don't enjoy. Kudos to all of you who have already expressed a similar sentiment, Yosem, one of the moderators On

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-06 Thread Nadim Kobeissi
On 2013-08-06, at 3:19 AM, Jacob Appelbaum ja...@appelbaum.net wrote: Griffin Boyce: Al, We may have to disagree as to the way forward. I hate to be contentious, but it seems unlikely that Tor applied a patch without reading firefox's changelog. Two days ago I presented a talk which

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-06 Thread Jacob Appelbaum
Nadim Kobeissi: On 2013-08-06, at 3:19 AM, Jacob Appelbaum ja...@appelbaum.net wrote: Griffin Boyce: Al, We may have to disagree as to the way forward. I hate to be contentious, but it seems unlikely that Tor applied a patch without reading firefox's changelog. Two days ago I

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-06 Thread Nadim Kobeissi
On 2013-08-06, at 11:46 AM, Al Billings alb...@openbuddha.com wrote: Nadim you seem confused by how this works. Tor doesn't need to issue advisories for Firefox issues. We, at Mozilla, already issue them. Perhaps they can link to them clearly but if you want to know about security issues

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-06 Thread Maxim Kammerer
On Tue, Aug 6, 2013 at 12:30 PM, Jacob Appelbaum ja...@appelbaum.net wrote: Please feel free to answer the question, we're happy to learn from an example. Are either of you involved in such an example? Might we learn from your example? If so, where might we see it? Tails references upstream

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-06 Thread Jacob Appelbaum
Nadim Kobeissi: On 2013-08-06, at 11:46 AM, Al Billings alb...@openbuddha.com wrote: Nadim you seem confused by how this works. Tor doesn't need to issue advisories for Firefox issues. We, at Mozilla, already issue them. Perhaps they can link to them clearly but if you want to know about

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-06 Thread Nadim Kobeissi
On 2013-08-06, at 12:55 PM, Jacob Appelbaum ja...@appelbaum.net wrote: Nadim Kobeissi: On 2013-08-06, at 11:46 AM, Al Billings alb...@openbuddha.com wrote: Nadim you seem confused by how this works. Tor doesn't need to issue advisories for Firefox issues. We, at Mozilla, already issue

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-06 Thread Jacob Appelbaum
Maxim Kammerer: On Tue, Aug 6, 2013 at 12:30 PM, Jacob Appelbaum ja...@appelbaum.net wrote: Please feel free to answer the question, we're happy to learn from an example. Are either of you involved in such an example? Might we learn from your example? If so, where might we see it? Tails

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-06 Thread Jacob Appelbaum
Nadim Kobeissi: On 2013-08-06, at 12:55 PM, Jacob Appelbaum ja...@appelbaum.net wrote: Nadim Kobeissi: On 2013-08-06, at 11:46 AM, Al Billings alb...@openbuddha.com wrote: Nadim you seem confused by how this works. Tor doesn't need to issue advisories for Firefox issues. We, at

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-06 Thread Maxim Kammerer
On Tue, Aug 6, 2013 at 1:07 PM, Jacob Appelbaum ja...@appelbaum.net wrote: Somewhere there is a line and clearly, we failed to meet the high standards of a few folks on this list. I'm mostly curious if that high standard will be expressed in a cohesive manner where we might learn from it.

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-06 Thread Asa Rossoff
Jacob Appelbaum: Nadim Kobeissi: On 2013-08-06, at 11:46 AM, Al Billings alb...@openbuddha.com wrote: Nadim you seem confused by how this works. Tor doesn't need to issue advisories for Firefox issues. We, at Mozilla, already issue them. Perhaps they can link to them clearly but if you

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-06 Thread Jacob Appelbaum
Maxim Kammerer: On Tue, Aug 6, 2013 at 1:07 PM, Jacob Appelbaum ja...@appelbaum.net wrote: Somewhere there is a line and clearly, we failed to meet the high standards of a few folks on this list. I'm mostly curious if that high standard will be expressed in a cohesive manner where we might

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-06 Thread Jacob Appelbaum
Asa Rossoff: Jacob Appelbaum: Nadim Kobeissi: On 2013-08-06, at 11:46 AM, Al Billings alb...@openbuddha.com wrote: Nadim you seem confused by how this works. Tor doesn't need to issue advisories for Firefox issues. We, at Mozilla, already issue them. Perhaps they can link to them clearly

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-06 Thread Nadim Kobeissi
On 2013-08-06, at 1:23 PM, Jacob Appelbaum ja...@appelbaum.net wrote: Nadim Kobeissi: On 2013-08-06, at 12:55 PM, Jacob Appelbaum ja...@appelbaum.net wrote: Nadim Kobeissi: On 2013-08-06, at 11:46 AM, Al Billings alb...@openbuddha.com wrote: Nadim you seem confused by how this

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-06 Thread intrigeri
Hi, Maxim Kammerer wrote (06 Aug 2013 09:52:36 GMT) : Tails references upstream advisories, or at least did so in the past. https://tails.boum.org/security/Numerous_security_holes_in_0.18/ Right, and we have no plan to stop doing this. What we've been doing for years when releasing a new Tails

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-06 Thread konfkukor
Jacob Appelbaum: I like this idea - though I wonder how users would feel about it? Will they read it? Should it be our own RSS feed or an RSS feed of Mozilla's data? I don't like the idea. You need to worry about the upgrading behavior of casual users of TBB, who aren't going to bother to

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-06 Thread Jacob Appelbaum
Joseph Lorenzo Hall: On 8/6/13 6:41 AM, Jacob Appelbaum wrote: (2) Even have an RSS feed of them available through the TBB, as well as RSS of TBB releases, and what security issues are covered including one advised by Firefox. This could notify of stable, alpha and beta releases, so

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-06 Thread Jacob Appelbaum
Nadim Kobeissi: On 2013-08-06, at 1:23 PM, Jacob Appelbaum ja...@appelbaum.net wrote: Nadim Kobeissi: On 2013-08-06, at 12:55 PM, Jacob Appelbaum ja...@appelbaum.net wrote: Nadim Kobeissi: On 2013-08-06, at 11:46 AM, Al Billings alb...@openbuddha.com wrote: Nadim you seem

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-06 Thread Jacob Appelbaum
intrigeri: Hi, Maxim Kammerer wrote (06 Aug 2013 09:52:36 GMT) : Tails references upstream advisories, or at least did so in the past. https://tails.boum.org/security/Numerous_security_holes_in_0.18/ Right, and we have no plan to stop doing this. What we've been doing for years when

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-06 Thread Jacob Appelbaum
konfku...@riseup.net: Jacob Appelbaum: I like this idea - though I wonder how users would feel about it? Will they read it? Should it be our own RSS feed or an RSS feed of Mozilla's data? I don't like the idea. You need to worry about the upgrading behavior of casual users of TBB, who

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-06 Thread Pavol Luptak
But, this is the Firefox / Tor Browser Bundle exploit. The question is how FBI gained access to Freedom Hosting? What kind of exploits did they use? Pavol On Mon, Aug 05, 2013 at 09:08:49PM -0500, Kyle Maxwell wrote: According to THN[0] and several linked supporting sites from there

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-06 Thread Al Billings
In fact, I wrote the advisory in question and generally write all of them (with input from Mozilla developers and other security team members). Al -- Al Billings http://makehacklearn.org On Tuesday, August 6, 2013 at 2:30 AM, Jacob Appelbaum wrote: Mozilla issued an updated blog post in

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-06 Thread Al Billings
Except this issue was a Firefox issue, fixed in ESR 17.0.7 and which we had posted an advisory for six weeks ago today. So, yes, you're asking Tor to copy and paste Firefox advisories. The issue wasn't a Tor-specific issue except that the way it was being spread targeted the TBB. It was a

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-06 Thread Al Billings
On Tuesday, August 6, 2013 at 9:58 AM, Brian Conley wrote: Al, I'm not a developer, so please bear with me. Do you disagree that TBB is forked software? That depends on your definition. They aren't taking a fork of Firefox and running off with it for a year or two. They are (and I don't

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-06 Thread The Doctor
On 08/06/2013 10:18 AM, Pavol Luptak wrote: The question is how FBI gained access to Freedom Hosting? What kind of exploits did they use? Freedom Hosting offered web hosting services to people that asked for it, yes? A hypothesis I've seen

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-06 Thread CodesInChaos
When the user's version is outdated you already display an update notice. You could add those items from https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html that apply to the current version. Listing particular vulnerabilities makes it clear that you actually should update and

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-06 Thread R. Jason Cronk
Plausible and clever in its simplicity. Moral of the story: host your own server. Anybody know what ever happened to Publius[1]? Did that concept ever go anywhere? 1 http://www.cs.nyu.edu/waldman/publius/ On 8/6/2013 1:38 PM, The Doctor wrote:

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-06 Thread coderman
On Tue, Aug 6, 2013 at 12:28 PM, R. Jason Cronk r...@privacymaverick.com wrote: ... Anybody know what ever happened to Publius[1]? Did that concept ever go anywhere? 1 http://www.cs.nyu.edu/waldman/publius/ wow, that takes me back. i remember running publius when it launched back in the

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-06 Thread Florian Weimer
* Jacob Appelbaum: This is not accurate. We heard about attempts at exploitation and within ~24hrs we released an advisory - we had already released fixed code a ~month before exploitation was found in the wild. Please do not mix up the time-line. To restate: 2.3.25-10 (released June 26

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-06 Thread Gregory Maxwell
On Tue, Aug 6, 2013 at 3:11 PM, Florian Weimer f...@deneb.enyo.de wrote: (Automated updates are a mixed blessing because they could invite court orders to roll out specific versions to certain users.) No crap. _please_ don't deploy automatic updates in a sensitive environment like this without

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-06 Thread Bbrewer
We're understaffed, so we tend to pick the few things we might accomplish and writing such advisory emails is weird unless there is an exceptional event. Firefox bugs and corresponding updates are not exceptional events. :( Pardon me, But it does seem that this one was. No? Sent with AquaMail

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-06 Thread Andy Isaacson
On Tue, Aug 06, 2013 at 01:50:31PM +0300, Nadim Kobeissi wrote: Yes, to be absolutely clear, I think Tor should issue advisories for confirmed security issues in Tor Browser, since Tor Browser is a fork of Firefox and is independently maintained. This is exactly what Tor did this time, except

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-06 Thread Kyle Maxwell
On Tue, Aug 6, 2013 at 10:19 PM, Andy Isaacson a...@hexapodia.org wrote: We have to move past the bug the user again model of security system deployment. In the general sense, yes. Silent automatic updates are a truly good thing in many use cases and environments. However, in the case where

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-06 Thread Nadim Kobeissi
On 2013-08-06, at 4:49 PM, Jacob Appelbaum ja...@appelbaum.net wrote: Nadim Kobeissi: On 2013-08-06, at 1:23 PM, Jacob Appelbaum ja...@appelbaum.net wrote: Nadim Kobeissi: On 2013-08-06, at 12:55 PM, Jacob Appelbaum ja...@appelbaum.net wrote: Nadim Kobeissi: On 2013-08-06, at

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-06 Thread Roger Dingledine
On Wed, Aug 07, 2013 at 07:20:21AM +0300, Nadim Kobeissi wrote: You will note that this was posted recently. However, 5 weeks ago, Mozilla posted a security advisory for Firefox and fixed the issue. Tor then updated the Tor Browser Bundle with the fix, 5 weeks ago, *without releasing a security

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-05 Thread Nadim Kobeissi
Forgive me, but I'd like to ask a question here. Tor is a tool that is undeniably, directly marketed toward activists in high-risk environments. Tor's presentations at conferences centre around how Tor obtains increased usage in Arab Spring countries that matches the timeline of revolutionary

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-05 Thread Albert López
). gpg --keyserver pgp.mit.edu --search-keys EEE5A447 http://pgp.mit.edu:11371/pks/lookup?search=0xEEE5A447op=vindex From: na...@nadim.cc Date: Mon, 5 Aug 2013 10:15:20 +0200 To: liberationtech@lists.stanford.edu Subject: Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-05 Thread Georg Koppen
On 05.08.2013 10:15, Nadim Kobeissi wrote: Now, we find out that the FBI has been sitting on an exploit since an unknown amount of time that can compromise the Tor Browser Bundle is that really so? See: https://blog.mozilla.org/security/2013/08/04/investigating-security-vulnerability-report/

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-05 Thread Nadim Kobeissi
On 2013-08-05, at 10:46 AM, Georg Koppen g.kop...@jondos.de wrote: On 05.08.2013 10:15, Nadim Kobeissi wrote: Now, we find out that the FBI has been sitting on an exploit since an unknown amount of time that can compromise the Tor Browser Bundle is that really so? See:

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-05 Thread Roger Dingledine
On Mon, Aug 05, 2013 at 10:46:35AM +0200, Georg Koppen wrote: On 05.08.2013 10:15, Nadim Kobeissi wrote: Now, we find out that the FBI has been sitting on an exploit since an unknown amount of time that can compromise the Tor Browser Bundle is that really so? See:

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-05 Thread Albert López
EEE5A447 http://pgp.mit.edu:11371/pks/lookup?search=0xEEE5A447op=vindex From: na...@nadim.cc Date: Mon, 5 Aug 2013 10:46:58 +0200 To: liberationtech@lists.stanford.edu Subject: Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud On 2013-08-05, at 10:46 AM, Georg Koppen

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-05 Thread Michael Owen
On Mon, Aug 5, 2013 at 9:46 AM, Nadim Kobeissi na...@nadim.cc wrote: Hmm. So it's more of a 38-day. Perhaps there should have been a Tor Browser security advisory in that case. I'm not sure how long the Tor bundle goes without actively complaining to the user about things being out of date.

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-05 Thread Nadim Kobeissi
On 2013-08-05, at 11:04 AM, Michael Owen mich...@theramparts.com wrote: On Mon, Aug 5, 2013 at 9:46 AM, Nadim Kobeissi na...@nadim.cc wrote: Hmm. So it's more of a 38-day. Perhaps there should have been a Tor Browser security advisory in that case. I'm not sure how long the Tor bundle

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-05 Thread Jason Gulledge
The fog of OHM hasn't yet lifted for me, so I'm sorry if I'm not entirely poetic in thought… Before people jump in and say the tor network is inherently flawed! I just want to try to put it in perspective. As I understand it, an .onion got owned, probably by some poorly written or installed

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-05 Thread liberationtech
On Mon, 5 Aug 2013 10:15:20 +0200 Nadim Kobeissi na...@nadim.cc wrote: Now, we find out that the FBI has been sitting on an exploit since an unknown amount of time that can compromise the Tor Browser Bundle, which is currently the main way to download Tor and the only way to download Tor for

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-05 Thread liberationtech
On Mon, 5 Aug 2013 10:04:02 +0100 Michael Owen mich...@theramparts.com wrote: I'm not sure how long the Tor bundle goes without actively complaining to the user about things being out of date. TBB notifies the user within an hour of releasing the new version. The hour lag is because our

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-05 Thread Andy Isaacson
On Mon, Aug 05, 2013 at 09:19:01AM -0400, liberationt...@lewman.us wrote: Please cite first person sources on this. It's not clear the FBI did anything or is involved at all. There is a reddit thread implying this, but no statement (as of yet) from the FBI or anyone claiming responsibility for

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-05 Thread Georg Koppen
On 05.08.2013 10:15, Nadim Kobeissi wrote: Now, we find out that the FBI has been sitting on an exploit since an unknown amount of time that can compromise the Tor Browser Bundle is that really so? See: https://blog.mozilla.org/security/2013/08/04/investigating-security-vulnerability-report/

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-05 Thread Nadim Kobeissi
On 2013-08-05, at 4:19 PM, liberationt...@lewman.us wrote: On Mon, 5 Aug 2013 10:15:20 +0200 Nadim Kobeissi na...@nadim.cc wrote: Now, we find out that the FBI has been sitting on an exploit since an unknown amount of time that can compromise the Tor Browser Bundle, which is currently the

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-05 Thread Roger Dingledine
On Mon, Aug 05, 2013 at 04:54:00AM -0400, Roger Dingledine wrote: Specifically, it would appear that the TBB updates we put out on June 26 addressed this vulnerability: https://lists.torproject.org/pipermail/tor-announce/2013-August/89.html has some more details now. Or see

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-05 Thread Claudio
On 08/05/2013 05:00 PM, Nadim Kobeissi wrote: On 2013-08-05, at 4:19 PM, liberationt...@lewman.us wrote: On Mon, 5 Aug 2013 10:15:20 +0200 Nadim Kobeissi na...@nadim.cc wrote: Now, we find out that the FBI has been sitting on an exploit

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-05 Thread Fabio Pietrosanti (naif)
On 8/4/13 10:31 PM, liberationt...@lewman.us wrote: Tor's official response is here, https://blog.torproject.org/blog/hidden-services-current-events-and-freedom-hosting After a quick check at a random Tor2web server, it seems that there's no specific pattern of traffic-drop. Who knows,

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-05 Thread Nadim Kobeissi
On 2013-08-05, at 6:38 PM, Roger Dingledine a...@mit.edu wrote: On Mon, Aug 05, 2013 at 04:54:00AM -0400, Roger Dingledine wrote: Specifically, it would appear that the TBB updates we put out on June 26 addressed this vulnerability:

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-05 Thread Griffin Boyce
Fabio Pietrosanti (naif) li...@infosecurity.ch wrote: After a quick check at a random Tor2web server, it seems that there's no specific pattern of traffic-drop. Who knows, maybe the amount of TorHS that has been taken down are just a few. Yeah, it seems like people are vastly

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-05 Thread h0ost
Mozilla posted the advisory on June 25th. https://www.mozilla.org/security/announce/2013/mfsa2013-53.html and a TBB update was provided 5 days later: https://blog.torproject.org/blog/tor-browser-bundle-30alpha2-released - and uses a version of FF that the advisory says fixes the issue. So

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-05 Thread Bernard Tyers - ei8fdb
Firstly: this is not an anti-Tor/pro-anything/anti-developer comment. If anything it's pro-have_some_understanding_for_people point-of-view. I contribute to Tor as I believe it can do a lot of good. As I understand it, the issue was: a compromise

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-05 Thread Doug Chamberlin
Nadim certainly has a point about the disparity between how his efforts were received and the overall level of respect/support Tor receives. Hopefully, he will continue on and when his software accumulates the track record that Tor has he will be suitably rewarded. He certainly writes recently

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-05 Thread Griffin Boyce
Bernard Tyers - ei8fdb ei8...@ei8fdb.org wrote: By what Roger Dingledine from Tor has stated in a previous mail, The Tor Project provided the you need to upgrade message promptly. I don't know if that is enough. (But it is certainly a lot more that other providers of software would do.) I

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-05 Thread Al Billings
You realize Tor didn't know this vuln was an issue until two days ago? The Tor Browser Bundle is based off of Firefox ESR releases. All the high profile security issues fixed are listed on the Firefox ESR known vulnerabilities web page. You want them to copy that page for you? Al -- Al

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-05 Thread Bernard Tyers - ei8fdb
On 5 Aug 2013, at 21:08, Al Billings wrote: You realize Tor didn't know this vuln was an issue until two days ago? I presume that's directed at Griffin. The Tor Browser Bundle is based off of Firefox ESR releases. All the high profile security

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-05 Thread Al Billings
Why should they? Just make sure you're running the most recently released version. -- Al Billings http://makehacklearn.org On Monday, August 5, 2013 at 1:18 PM, Bernard Tyers - ei8fdb wrote: The Tor Browser Bundle is based off of Firefox ESR releases. All the high profile security

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-05 Thread Griffin Boyce
Al, We may have to disagree as to the way forward. I hate to be contentious, but it seems unlikely that Tor applied a patch without reading firefox's changelog. Two days ago I presented a talk which emphasized how useful Tor is -- and I stand by that. Tor is still the best option for maintaining

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-05 Thread Al Billings
I'm not sure what you're trying to say here exactly. Tor doesn't apply a patch to TBB, AFAIK. They build on top of Firefox ESR. The current Firefox ESR17 (and the current TBB) have the bug fixed that everyone is talking about. If you're current, you're safe. So, then the problem becomes: why

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-05 Thread R. Jason Cronk
Does anybody have any indication on how the alleged operator of Freedom Hosting was identified. Everybody seems to be focusing on the javascript exploit but from what I've read, it appears that was placed on the server after the alleged operator was taken down and the operation compromised, or

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-05 Thread Shava Nerad
If my understanding of Mozilla's description of the vulnerability is correct: https://blog.mozilla.org/security/2013/08/04/investigating-security-vulnerability-report/ Users who are on the latest version of Firefox (version 22) or Firefox ESR (version 17.0.7) are not at risk. If a user is

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-05 Thread Al Billings
No, Mozilla (I assume you mean Firefox) wasn't used to insert anything into any servers. It is the other way around. Someone had an exploit on the servers that could be used to exploit older versions of the ESR17 branch of Firefox, which the Tor Browser Bundle uses. (ESR is the Extended Support

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-05 Thread Shava Nerad
ah, ok, thanks! Got it backwards... So the server was hacked by some unknown method, by a state level opponent, and this was then used to identify user activity using the Firefox 17 vulnerability announced by Mozilla, presumably, which allowed them to monitor significant traffic and

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-05 Thread Andy Isaacson
On Tue, Aug 06, 2013 at 12:09:48AM +0200, Griffin Boyce wrote: We may have to disagree as to the way forward. I hate to be contentious, but it seems unlikely that Tor applied a patch without reading firefox's changelog. I'm still not clear on what you want Tor to have done. Should they do a

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-05 Thread Jacob Appelbaum
Griffin Boyce: Al, We may have to disagree as to the way forward. I hate to be contentious, but it seems unlikely that Tor applied a patch without reading firefox's changelog. Two days ago I presented a talk which emphasized how useful Tor is -- and I stand by that. Tor is still the best

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-05 Thread liberationtech
On Mon, Aug 05, 2013 at 06:18:02PM -0400, r...@privacymaverick.com wrote 0.6K bytes in 0 lines about: : Does anybody have any indication on how the alleged operator of : Freedom Hosting was identified. Everybody seems to be focusing on : the javascript exploit but from what I've read, it appears

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-05 Thread Kyle Maxwell
According to THN[0] and several linked supporting sites from there (particularly notable are analyses from Kenneth Buckler[1] and Vlad Tsyrklevich[2]), the payload delivered the MAC address and Windows hostname to 65.222.202.54[3]. I've read in public sources that that address is assigned to SAIC

[liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-04 Thread Rich Jones
1) Freedom Hosting owner arrested and TorMail appears to be distributing FBI malware specifically targeting the Tor Browser Bundle. Deets: https://openwatch.net/i/200/anonymous-web-host-freedom-hosting-owner-arreste 2) I'm considering using Docker/Flynn to build an anonymous PaaS. Anybody want

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-04 Thread liberationtech
Tor's official response is here, https://blog.torproject.org/blog/hidden-services-current-events-and-freedom-hosting -- Andrew http://tpo.is/contact pgp 0x6B4D6475 -- Liberationtech list is public and archives are searchable on Google. Too many emails? Unsubscribe, change to digest, or change

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-04 Thread Griffin Boyce
There are really two separate issues here, and I just want to separate them briefly. 1) Tormail and other sites were hosting malicious js code that attempts to break firefox 17. 2) Freedom Hosting was shut off after its host was arrested. I will say from personal experience that most hidden