
Re: [tor-talk] Verifying signatures



On 03/20/2012 01:46 AM, Achter Lieber wrote:
> Hullo (',')
>
> In light of some fairly recent postings about making it easier to verify signatures on new Tor downloads,
> I was wondering if anyone has any knowledge of a percentage (if there is at all) of new downloads that are, indeed,
> or have been, compromised Tor Browser Bundles?
>
> And also, what could, would or can a compromised bundle be used to do - against the client?
>
> I have to use internet cafe computers and cannot install GPG on them to help me even learn how to verify the sigs,
> so all I have available is getting the new version onto a USB and running it from there with my fingers crossed.
>
> tanks everywhere just like https everywhere
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Sorry if this has been responded to, I've lost a few emails...
I don't believe the TBB has been hijacked, but the TorButton Firefox extension certainly has. (Forgive my faulty memory; link: http://www.securitynewsdaily.com/1201-anonymous-hackers-child-porn.html) "Anonymous" apparently convinced Firefox (or someone at Firefox? No one was ever clear on this...) to upload a modified version. They logged and tracked Tor users to find pedophiles, whose IPs they then logged and posted.
They even used a geoip database to map where the users were coming from.

So yeah. They got IPs, they got information on pretty much all websites visited... If someone managed to do this to a reasonable number of people, you could get enough information to positively identify people.

Someone is bound to eventually visit one of their normal websites, and then you have access time, IP, and potentially the cookie.

"Anonymous is the modern equivalent of hysterical mob justice. I thought that was pretty obvious. Sometimes they throw rocks at assholes who deserve it, sometimes they throw rocks at people who got caught kicking a kitty and don't deserve to be stoned."
    - Anonymous

^ That quote isn't about this particular case, but Anonymous in general. Those logs could have easily fallen into the wrong hands and potentially gotten someone killed. For what? Two seconds of fame where they proudly tell the world "These IP addresses may have potentially accessed CP!! Or not. I mean it's not like anyone can actually DO anything with this information... Since we don't tell you positively what computer it's coming from... Hell, could be hundreds of people using that IP... For the Lulz!!"

Idiots....

--
<http://anonymousads.com/userbar/160/click>