ah, ok, thanks! Got it backwards... So the server was hacked by some unknown method, by a state level opponent, and this was then used to identify user activity using the Firefox 17 vulnerability announced by Mozilla, presumably, which allowed them to monitor significant traffic and activity/content on the hidden service from there out.
I think there is at least one paper out there on how to defeat a hidden service already, and Tor has an appeal out for help with hidden services in general -- it's not the primary focus of the project, as it isn't a focus of funding, just on a pragmatic basis.

(reminder: I do not speak for the project. I volunteer a bit. I used to work there. I am not a programmer, but I used to be one in the previous century, but since then I have tended increasingly to herd geeks and write words and raise cash. I am also fighting a migraine but not as big a headache as Andrew has today, heh...;)

It is such an arms race... I still wonder about insufficient paranoia and/or resourcing on the part of the service providers. I wonder if they had image monitoring, pentesting, all the sort of security regime going on that an enterprise ISP would have with sensitive info on it?

If your freedom (either in terms of freedom-fighting or just-freedom-from-jail -- this is a bit like the liberation-vs-criminal version of freedom or beer, yes?) depended on it, what would you do to secure your hosting or your machine/mobile? It's more and more relevant.

We are an interesting list in interesting times.

yrs,
SN

On Mon, Aug 5, 2013 at 7:13 PM, Al Billings <alb...@openbuddha.com> wrote:

> No, "Mozilla" (I assume you mean "Firefox") wasn't used to insert
> anything into any servers. It is the other way around. Someone had an
> exploit on the servers that could be used to exploit older versions of the
> ESR17 branch of Firefox, which the Tor Browser Bundle uses. (ESR is the
> "Extended Support Release" and ESR17 is Firefox 17 + important security
> updates since 17 was shipped. ESR is meant for corporate users and others
> who want longterm stability but security fixes as well.)
>
> --
> Al Billings
> http://makehacklearn.org
>
> On Monday, August 5, 2013 at 4:00 PM, Shava Nerad wrote:
> > So, essentially, Mozilla was used as the Trojan Horse to insert the
> > payload into the servers. It wouldn't have made a difference at all if
> > they were hidden or not, only that they were using web services and
> > allowing any version of Mozilla to attach.
>
> --
> Liberationtech list is public and archives are searchable on Google. Too
> many emails? Unsubscribe, change to digest, or change password by emailing
> moderator at compa...@stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech

--
Shava Nerad
shav...@gmail.com