Thread replies: 31
Thread images: 4
Thread images: 4
File: 1478561905508.png (10KB, 250x367px) Image search:
[Google]
10KB, 250x367px
Stop using Firefox on Windows right now!
>There's a zero-day exploit in the wild that's being used to execute malicious code on the computers of people using Tor and possibly other users of the Firefox browser, officials of the anonymity service confirmed Tuesday.
>Word of the previously unknown Firefox vulnerability first surfaced in this post on the official Tor website. It included several hundred lines of JavaScript and an introduction that warned: "This is an [sic] JavaScript exploit actively used against TorBrowser NOW." Tor cofounder Roger Dingledine quickly confirmed the previously unknown vulnerability and said engineers from Mozilla were in the process of developing a patch.
>According to security researchers who analyzed the code, it exploits a memory corruption vulnerability that allows malicious code to be executed on computers running Windows. The malicious payload it delivers, according to an independent researcher who goes by the Twitter handle @TheWack0lian, is almost identical to one that was used in 2013 to deanonymize people visiting a Tor-shielded child pornography site. The FBI ultimately acknowledged responsibility for the exploit, which was embedded in Web pages served by a service known as Freedom Hosting.
>"It's basically almost EXACTLY the same as the payload used in 2013," TheWack0lian told Ars. "It exploits some vuln that executes code very similar to that used in the 2013 Tor browser exploit. Most of the code is identical, just small parts have changed."
...
...
>http://arstechnica.com/security/2016/11/firefox-0day-used-against-tor-users-almost-identical-to-one-fbi-used-in-2013/
https://archive.fo/R0aHr
>https://tsyrklevich.net/tbb_payload.txt
https://archive.fo/AyfFB
>http://pastebin.com/AwnzEpmX
https://archive.fo/uihBr
>>
File: Untitled.png (11KB, 343x177px) Image search:
[Google]
11KB, 343x177px
>>57765852
>implying
>>
But it looks good.
>>
> turning on JavaScript in the tor browser
You have to expect that someone clever might figure out some way when they can run scripts in your browser. Which is why JavaScript is turned off by default. Like the pedos being caught after running flash in the tor browser. It's a user error and not a browser error. Nobody can be anonymous and at the same time run JavaScript and flash nilly willy
>>
>>57765894
Javascript on tor browser is turned on by default, and the tor team suggest not to turn off.
https://www.torproject.org/docs/faq.html.en#TBBJavaScriptEnabled
>>
Firefox is a virus.
>>
>>57765894
>>57765915
I hope they've learnt their lesson and change it to off by default with a warning to the users that turning it on may cause problems. This is the second huge case of Javascript exploit.
>>
HEY GUYS STOP USING LINUX!
Some researchers have figured out that copy pasting commands from the Internet might run malicious code on your computer. Better not run Linux at all with this huge bug.
>>
> It included several hundred lines of JavaScript and an introduction that warned: "This is an [sic] JavaScript exploit actively used against TorBrowser NOW." Tor cofounder Roger Dingledine quickly confirmed the previously unknown vulnerability and said engineers from Mozilla were in the process of developing a patch.
>javascript exploit
they deserve to get V& for using javascript
We knew the FBI had a "zeroday" for the tor browser anyway. We also knew it was something fucking stupid like this.
>>
>>57765852
>on computers running Windows
k
>>
File: 1465237697127.png (105KB, 690x227px) Image search:
[Google]
105KB, 690x227px
Ok.
>>
>>57765852
What browser should wincucks use then? I don't want anything that records my history and URLs and sends them to some server. Is icecat affected by this? Why are there no secure browsers anymore ;_;
>>
>>57766052
Anyone using the tor browser for anything illegal deserves to be v& anyway. Tails and whonix exist for a reason
>>
>>57765852
Hardened Musl Gentoo with Grsec (and the RBAC) master race, get the fuck out Debian plebs thinking you're "secure" with fucking glibc.
>>
>>57765852
I don't care. Oh no my futanari exhentai browser history.
>>
Is there a tool like AppArmor or SELinux on windows that could mitigate this?
>>
>>57765852
if the only people that got harmed were a few pedophiles then good, i am glad the FBI found the exploit and busted those SOBs
>>
I don't even care. How can I disable Javascript? I don't think Alphabay needs it.
>>
>>57766874
>Anyone using the tor browser for anything illegal deserves to be v& anyway.
Like complaining about the government or researching the Tiananmen Square protests of 1989?
Or buying bitcoin or speaking to foreigners? All of them highly illegal
>>
>>57765852
>Windows
People still use this? Why?
>>
Firecucks blown the fuck out yet again.
>2016
>not using Chromium
Even Google Chrome is better than the latest pile of shit from Mozilla.
>>
>>57767487
Some people are too stupid to install something that does not come default anon, stop being ableist. Nobody cares that you are edgy and pointing out that people lack mental functions.
>>
>>57767538
>Chromium
Why not iron?
>>
>>57767546
>Nobody cares that you are edgy and pointing out that people lack mental functions.
Look, sure. I just thought it was ironic that people who wished to be anonymoose decided to use a certified botnet OS.
>>
File: 1460513373356-0.jpg (162KB, 640x360px) Image search:
[Google]
162KB, 640x360px
>>57765852
OMG i'm scared! Please Google, MS or someone rape me now!
>>
>>57767546
I mean,
> almost identical to one that was used in 2013 to deanonymize people visiting a Tor-shielded child pornography site
> watching CP
> on WINDOWS
> people lack mental functions
I think that's the most diplomatic way to describe them.
>>
>>57767546
>Nobody cares that you are edgy
>implying he is edgy
>>
>>57765852
>reading arstechnica when they have become a SJW site that also pushes fake news
>>
>>57765852
I have nothing to hide. I don't care about the zero day.
>>
>>57769497
tits or gtfo!
>inb4 male tits
>>
>>57769497
then why are you hiding your big peepee then?
Thread posts: 31
Thread images: 4
Thread images: 4