[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] WannaCry fallout FYI

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] WannaCry fallout FYI
From: Roger Dingledine <arma@xxxxxxx>
Date: Mon, 15 May 2017 04:25:54 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 15 May 2017 04:26:08 -0400
In-reply-to: <717a45c2-8ba8-e640-ccab-0150e9afc915@balist.es>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <ACF5A948-2B0B-4EDD-847C-1240AC71BB17@brazoslink.net> <713C90EE-5EFF-48A7-9B15-02D39F286DB4@to-surf-and-protect.net> <99a3c234-b073-8733-852e-524648c47aa1@riseup.net> <77f47be5-0e1c-8aa7-7472-885490bb9c90@balist.es> <20170515073808.GN14369@moria.seul.org> <717a45c2-8ba8-e640-ccab-0150e9afc915@balist.es>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.5.20 (2009-12-10)

On Mon, May 15, 2017 at 09:58:26AM +0200, Cristian Consonni wrote:
> Interesting. In fact, I though that downloading the whole browser seemed
> to be not so smart, surely there are better ways to connect
> programmatically to the tor network.

It is not the whole browser -- it is the "windows expert bundle":
https://www.torproject.org/download/download
So it is indeed stupid to treat its libraries like the cloud, but
not so stupid that it's fetching the whole tor browser.

> To my untrained eye, this malware seems to be both clever
> (self-replication) and dumb (kill switch, downloading the browser) at
> the same time.

Also ask yourself whether it checks the signature of the tor win32 thing
that it downloads before running it. :( Good thing we're not evil.

--Roger

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] WannaCry fallout FYI
  - From: Jon Gardner
- Re: [tor-relays] WannaCry fallout FYI
  - From: niftybunny
- Re: [tor-relays] WannaCry fallout FYI
  - From: Mirimir
- Re: [tor-relays] WannaCry fallout FYI
  - From: Cristian Consonni
- Re: [tor-relays] WannaCry fallout FYI
  - From: Roger Dingledine
- Re: [tor-relays] WannaCry fallout FYI
  - From: Cristian Consonni

Prev by Author: Re: [tor-relays] WannaCry fallout FYI
Next by Author: Re: [tor-relays] Memory Problems with tor releay
Previous by thread: Re: [tor-relays] WannaCry fallout FYI
Next by thread: Re: [tor-relays] WannaCry fallout FYI
Index(es):
- Author
- Thread