If my understanding of Mozilla's description of the vulnerability is correct:
https://blog.mozilla.org/security/2013/08/04/investigating-security-vulnerability-report/

> Users who are on the latest version of Firefox (version 22) or Firefox ESR
> (version 17.0.7) are not at risk. If a user is running an outdated of
> Firefox, then this vulnerability could be used by an attacker to execute
> malicious software on a victim’s machine. Mozilla has been alerted that
> this issue is being actively exploited in the wild and urges all users to
> make sure their Firefox is up to date.

Then what happened could have happened to any ISP on hidden services or not. A browser connected to the ISP, used a browser vulnerability to infect the host server, and proceeded from there to do whatever to the hosting complex at the hidden service site.

They were hacked. They got pwned. And apparently, they had no measures in place to have noticed that it was happening, in terms of image monitoring and so on -- although admittedly we are talking about a state-level opponent. They could have been rootkitted straight off, and the opponent had their way with them and so on.

However, my understanding is that this vulnerability -- did I hear somewhere? -- is to Windows hosting. Now maybe it's me, and I'm old fashioned, but I still think of that as more vulnerable, but I've been out of the field for a while.

Regardless, this has nothing to do with Tor or Tor hidden services. It could have happened on the open internet with an Apache server with the same version of Mozilla.

Or am I misunderstanding something?

So, essentially, Mozilla was used as the Trojan Horse to insert the payload into the servers. It wouldn't have made a difference at all if they were hidden or not, only that they were using web services and allowing any version of Mozilla to attach.

yrs,
--
Shava Nerad
shav...@gmail.com
-- Liberationtech list is public and archives are searchable on Google. Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech