On Thu, Jul 17, 2014 at 03:14:32PM -0400, Jonathan Wilkes wrote: > We know something about the selectors that could trigger > Foxacid attacks, and we can record the data sent to a machine > running Tor Browser Bundle. So has anyone set up a sitting duck to > trigger and record the payload of the attack? > > Once the payload is known then Firefox could be patched, no?
And once you've patched this bug, FOXACID will update to issue another 0day. It's worth doing, for sure! Patching bugs makes us all incrementally safer. But don't pretend that patching the specific attack your adversary is currently using will disable or even seriously inconvenience the adversary. -andy -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
