[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] TOR tried to take a snapshot of my screen

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] TOR tried to take a snapshot of my screen
From: APX 808 <apx.808@xxxxxxxxx>
Date: Mon, 25 Aug 2014 16:02:49 -0300
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 25 Aug 2014 15:03:04 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=Tq6B/PkHPdAZxssWIxM2CLwrWuAoRTj4t36bUF6p7RQ=; b=ov2TcHTdtXIUv/nZ+LJlUxjLDLXwJkl7Fjzui0Va4oxDRXXsISofbu08HHeFcmIkc9 +A84qIcTo7a7MW0BZRIOQJeYMEqDiWYdSXtfnpIGNqDBuqODbhw8M/NzTguIPM+///fb s4lH0IUjxIdZsrxQCf1Ap4LMKFmI6+mhwSyIJfdm0qRUms31ercpuHs53lGFdL5Z38Ip HhufWsUDEix+clpWJv5Ni8+hCl6LBgkHw5wgoGgKgkc1xgdRCEkftHggquwdK/3/FXgr lT8ZjIcu9sRWleHxY4ud3frOW5+/bM/9iqyCuZjDUgWCrs+WjWrNQY9Q70WinDw0IAyb UG3Q==
In-reply-to: <c19072ec44c750a9bf78215860e425a9.squirrel@xxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <c19072ec44c750a9bf78215860e425a9.squirrel@xxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

I did a quick search and found a similar report from August 2013

https://blog.torproject.org/blog/tor-browser-bundle-30alpha2-released

Check the latest comment

Cheerz
http://apx808.blogspot.com


On Mon, Aug 25, 2014 at 3:22 PM, <
BM-2cVvnFWSftFx8dv12L8z8PjejmtrjYjnUY@xxxxxxxxxxxxx> wrote:

> Hi,
>
> I will answer messages sent by different list members. Check for yours:
>
>
>
>
>
> Joe Btfsplk wrote:
> > Or, this could be a hoax by the OP, or a simple mistake.
>
> This is not a hoax and is not a mistake.
>
>
>
>
>
>
>
> Mirimir wrote:
> > Maybe Zemana is incorrectly flagging some aspect of HTML5 canvas
> > spoofing by the Tor browser as taking a screen snapshot".
>
> The incident happend at different web pages that had been accessed before
> many times without any incident.
>
> The Zemana is the same version I am running since December 2013, i.e., it
> is running for around 8 months without any incident.
>
>
>
>
>
>
> Sebastian G. wrote:
> > Was it a website you trusted you browsed to? Did the software attempt to
> > do anything without a website loaded?
>
> Ar regular sites at the surface web that is accessed by many TOR users.
> Sorry, I can not provide more specific information that may facilitate my
> identification.
>
>
>
>
> Sebastian G. wrote:
> > Looks, like the website(s) did something.
> > Maybe trying to access canvas, what the TorBrowser tried to prevent.
> > Maybe this triggered the alert.
>
> Again... I am using the same Zemana version for around 8 months without
> any incident and acessing the same web sites.
> So it is not a canvas access problem.
> I will be very surprice if any web site is capable to generate such alert,
> especially without to be able to run any script.
>
>
>
>
>
>
> >> I am sending some screens with the Zemana log, where is possible to see
> >> the TOR MD5 signature (firefox.exe; FC19E4AFB0E68BD4D25745A57AE14047)
> and
> >> the logged behaviour ("screenlogger"), the TOR version,
> >> TOR button and the
> >> Zemana version screens, and the extensions
> >> and plug-ins existing in my TOR
> >> install (just to confirm that nothing strange is there). They are
> >> available to download here:
> >> http://www.datafilehost.com/d/dfb201d8
> >> or
> >> https://www.sendspace.com/file/6ygdl3
>
> > Both of the files are broken or corrupted. They can't be opened as an
> > archive on my end. The first source tries to make one download an .exe
> > file. Well you can download the zip file, without it.
>
> > How can we be sure that your upload is safe?
>
>
> If both links are broken this means that somebody is doing a big effort to
> prevent the file access.
>
> The reason I uploaded to hosts is because the Tor Project team blocked my
> attempt to send as attachment to this list.
> By this you may also understand that the Tor Project team was aware about
> my report two days in advance than the list members.
>
> The uploaded file is a ZIP with a number of JPG images inside. As far as I
> know both file types are safe.
>
> I did a new upload to a popular JPG hosting service. Here they are:
> http://i.imgur.com/QAKp7k1.jpg     (Zemana log)
> http://i.imgur.com/nJkCQJp.jpg     (Zemana version)
> http://i.imgur.com/06ZW0IK.jpg
> http://i.imgur.com/XsbpQ4X.jpg
> http://i.imgur.com/eikxgpe.jpg
> http://i.imgur.com/jWjAq5N.jpg
> http://i.imgur.com/iuqltM0.jpg
> http://i.imgur.com/01cuLYd.jpg
> http://i.imgur.com/ijnZwGs.jpg
>
>
>
>
>
>
>
>
> Sebastian G. wrote:
> > The remote operator claim would require evidence of some sort.
>
> My report with detailed information including the Zemana log showing that
> firefox.exe tried to record my screen seems to be a very good evidence.
> What more one may provide? Is somebody expecting a NSA or Tor Project
> written confirmation?
>
>
>
>
>
>
> Sebastian G. wrote:
> >> This may explain also the, until now, unclear role and objectives of the
> >> US goverment by funding the TOR Project.
>
> > I think they use Tor for many purposes themselves.
>
> Why will USA fund the development of a tool that can be used by its
> enemies?
> You may have a doubt about the Tor backdoor. I don't.
>
> What we have here is very simple: who pays gives the orders!
>
>
>
>
>
>
>
>
> Sebastian G. wrote:
> >> I am an entusiast of privacy tools and TOR is not used for any kind of
> >> unlawful purposes, is unlikely that I will attract attention from public
> >> authorities and I am not worried with any data such attacker eventually
> >> may have had access.
>
> > If someone would exploit against the TorBrowser he might be trying to
> > get as many hits as possible to see if someone is a target.
>
>
> I guess inside the rerouting net is a kind of automatic tool to spy Tor
> users and, in addition, the (humans) operators my pick users at will for
> additional checks. Just my guess.
>
>
>
>
>
>
>
> Sebastian G. wrote:
> > I hope this can be resolved.
>
> The Tor Project team is already working to resolve... keeping total
> silence until everybody forgets my report with, for me a PROOF, for
> everybody else an EVIDENCE, that TOR was spotted in flagrant while trying
> to record my screen.
>
>
>
>
>
>
>
>
>
> no.thing_to-hide@xxxxxxxxxxxxxxx wrote:
> > I did not touch the files, because the whole story made me
> > mistrustful. When you look at some subjects of yesterday
> > "Third-parties tracking me on Tor"
> > "TOR tried to take a snapshot of my screen"
> > Perhaps somebody is trolling this list and tries to seed confusion.
>
>
>
> I am not connected with the message with subject "Third-parties tracking
> me on Tor".
> I paid attention on it too. Strange to have an ambiguous message send to
> the list exactly one day after my first try (blocked by Tor Project team)
> to report to this list.
>
> I am not trolling this list.
> I am providing serious information.
>
>
>
>
>
>
>
> AntiTree wrote:
> > I don't know the anti-spyware tool that you used nor
> > details about what the
> > tool deems a "screenshot" but I want to point out that in Windows
> > (especially older versions) one of the entropy sources for OpenSSL is the
> > screenshot of your current session[1]. So if the Tor Browser needs to
> > generate keys (and it usually does in your use case) it is possible that
> > the crypto functions are calling whatever "rand" sources are available on
> > your system, including first taking a screenshot of your session.
>
> Do not seems that is the case otherwise the Zemana alert would be
> generated on regular basis.
>
>
>
>
>
>
>
>
> Michael Wolf wrote:
> > "NSA and GCHQ agents 'leak Tor bugs', alleges developer"
> > http://www.bbc.com/news/technology-28886462
>
> Oh yes, we will see many "news and leaks" reporting the "efforts" of NSA
> and GCHQ to break TOR and bla-bla-bla.
> Just desinformation to keeps the TOR credibility.
>
> While may (or may not) provide some protection against USA enemies, TOR
> provides NO PROTECTION against USA and friends.
> TOR is a spy tool to spy on YOU!
>
>
>
> Hope more users will start to use Zemana and other anti-spyware and more
> reports about this problem arrives.
>
>
>
>
>
>
>
> --
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] TOR tried to take a snapshot of my screen
  - From: APX 808

References:
- Re: [tor-talk] TOR tried to take a snapshot of my screen
  - From: BM-2cVvnFWSftFx8dv12L8z8PjejmtrjYjnUY

Prev by Author: Re: [tor-talk] TOR tried to take a snapshot of my screen
Next by Author: Re: [tor-talk] TOR tried to take a snapshot of my screen
Previous by thread: Re: [tor-talk] TOR tried to take a snapshot of my screen
Next by thread: Re: [tor-talk] TOR tried to take a snapshot of my screen
Index(es):
- Author
- Thread