Forum Settings
       
« Previous 1 2
Reply To Thread

Tor was hacked - clear your browser historyFollow

#1 Jul 30 2014 at 9:08 AM Rating: Good
Gave Up The D
Avatar
*****
12,281 posts
Gizmodo wrote:
Tor, the network used specifically for privacy and anonymity, just warned users of an attack meant to deanonymize people on the service. Anyone who used Tor from February 2014 through this July 4 can assume they were impacted.

This is very bad news for Tor, which is heralded for its ability to conceal users from surveillance.

Tor believes this attack came from researchers at Carnegie Mellon's Computer Emergency Response Team, not an identity thief (or, uh, the government). CERT researchers abruptly canceled a highly anticipated talk they were going to give about the possibility of deanonymizing Tor at the Black Hat conference this year, kicking off speculation that they'd successfully pulled it off. Now it looks like they did. (We've contacted CERT for confirmation and will update if they fess up.)

It's not clear how much data the attacks received and stored, but it's scary stuff. Tor can't say for sure exactly what the attackers unearthed, but it's not looking good. "If this attack was in fact related to the research done by CERT/CMU for Black Hat, then - judging by the abstract the researchers wrote for their presentation - the attack did successfully deanonymize users and hidden services," advocate for the Tor Project Runa Sandvik told me.

If this is the handiwork of CERT, it's about as good as a successful attack is going to get, because the researchers aren't using it to dox Tor users. But the fact that this went down means a malicious agent could've gone to town on Tor... and maybe they already have. Ideally, this issue will help Tor shore up its security to prevent that from happening; Russia is already trying to deanonymize the network.

If you use Tor, this is reason to be very concerned. You should make sure you're using a version that's no longer vulnerable. There are recommended upgrades available that will close the security loophole.
____________________________
Shaowstrike (Retired - FFXI)
91PUP/BLM 86SMN/BST 76DRK
Cooking/Fishing 100


"We don't just borrow words; on occasion, English has pursued other languages down alleyways to beat them unconscious and rifle their pockets for new vocabulary."
— James D. Nicoll
#2 Jul 30 2014 at 9:28 AM Rating: Excellent
Liberal Conspiracy
*******
TILT
Remind me, is downloading copyrighted underage marijuana **** still illegal? A friend needs to know quick.
____________________________
Belkira wrote:
Wow. Regular ol' Joph fan club in here.
#3 Jul 30 2014 at 9:50 AM Rating: Excellent
Meat Popsicle
*****
13,666 posts
Just a friendly reminder that the internet is full of people, and many of them are much smarter than you. They know all your secrets, from all your posts, and all your 'other' activities. Don't try to keep things from them. They will hunt you down, cut you up, and sell your liver to a hospital in Vietnam. You've been warned.
____________________________
That monster in the mirror, he just might be you. -Grover
#4 Jul 30 2014 at 9:52 AM Rating: Good
*******
50,767 posts
someproteinguy wrote:
Just a friendly reminder that the internet is full of people, and many of them are much smarter than you. [...] and sell your liver to a hospital in Vietnam.
They're not that smart then.
____________________________
George Carlin wrote:
I think it’s the duty of the comedian to find out where the line is drawn and cross it deliberately.
#5 Jul 30 2014 at 9:53 AM Rating: Good
Gave Up The D
Avatar
*****
12,281 posts
someproteinguy wrote:
Just a friendly reminder that the internet is full of people, and many of them are much smarter than you. They know all your secrets, from all your posts, and all your 'other' activities. Don't try to keep things from them. They will hunt you down, cut you up, and sell your liver to a hospital in Vietnam. You've been warned.


tl; don't **** off 4chan. Got it.
____________________________
Shaowstrike (Retired - FFXI)
91PUP/BLM 86SMN/BST 76DRK
Cooking/Fishing 100


"We don't just borrow words; on occasion, English has pursued other languages down alleyways to beat them unconscious and rifle their pockets for new vocabulary."
— James D. Nicoll
#6 Jul 30 2014 at 10:03 AM Rating: Excellent
Meat Popsicle
*****
13,666 posts
Well the advice is too little too late for those poor Tor people. Smiley: frown

Really though, with the amount of effort going into hacking it, you have to figure it's just a matter of time before some does. The whole thing is magnet for people with the right skills looking for a challenge, and I'd imagine the Russians aren't the only government who'd like it to go away.
____________________________
That monster in the mirror, he just might be you. -Grover
#7 Jul 30 2014 at 7:11 PM Rating: Good
Ghost in the Machine
Avatar
******
36,443 posts
So, let me get this straight... when Anonymous does it, it's an act of cyber-terror, but when CERT does it, it's a research project?

Makes sense. Time to swap hard drives and find my ol' hammer.
____________________________
Please "talk up" if your comprehension white-shifts. I will use simple-happy language-words to help you understand.
#8 Jul 31 2014 at 9:06 AM Rating: Excellent
Meat Popsicle
*****
13,666 posts
Mazra wrote:
So, let me get this straight... when Anonymous does it, it's an act of cyber-terror, but when CERT does it, it's a research project?
Exactly, just like it's okay for Facebook to toy with your emotions as long as they let scientists push the buttons.
____________________________
That monster in the mirror, he just might be you. -Grover
#9 Jul 31 2014 at 6:24 PM Rating: Good
Ghost in the Machine
Avatar
******
36,443 posts
For science. You monsters.
____________________________
Please "talk up" if your comprehension white-shifts. I will use simple-happy language-words to help you understand.
#10 Aug 01 2014 at 7:27 AM Rating: Good
*******
50,767 posts
I check a lot of web pages in the name of science. Lots of experiments to do and research to make.
____________________________
George Carlin wrote:
I think it’s the duty of the comedian to find out where the line is drawn and cross it deliberately.
#11 Aug 01 2014 at 8:16 AM Rating: Excellent
Liberal Conspiracy
*******
TILT
Mazra wrote:
So, let me get this straight... when Anonymous does it, it's an act of cyber-terror, but when CERT does it, it's a research project?

I haven't been following this (mainly due to a lack of interest) but is CERT just saying "Hey, check out what we can do?" or are they saying "We're going to reveal all this stuff and crash your websites and put up 'CERT was here' images unless you change your ways"?

I mean, learning that the NSA cracked my bank's security would worry me less than learning that some random 4Chan chump cracked my bank's security. That's not to condone either but one is still going to cause me more immediate concern (and, no, I'm not terribly worried about the NSA looking at my utility bill payments compared to someone draining the account).

Edited, Aug 1st 2014 9:17am by Jophiel
____________________________
Belkira wrote:
Wow. Regular ol' Joph fan club in here.
#12 Aug 01 2014 at 9:31 AM Rating: Excellent
Meat Popsicle
*****
13,666 posts
I can't help but disagree. My bank is good at refunding money not spent by me, and the NSA doesn't need to see all those purchases from the sarin gas emporium.
____________________________
That monster in the mirror, he just might be you. -Grover
#13 Aug 01 2014 at 11:42 AM Rating: Good
*******
50,767 posts
I'd be more concerned with CERT than 4chan. At least I know the chan is about being jackasses. Who knows what CERT is going to do with the information.
____________________________
George Carlin wrote:
I think it’s the duty of the comedian to find out where the line is drawn and cross it deliberately.
#14 Aug 01 2014 at 3:46 PM Rating: Good
Encyclopedia
******
35,568 posts
I'm getting the distinct impression most of you don't know what Tor is. It's not a server with user data on it. It's not remotely similar to a hacker group infiltrating some companies servers and stealing what's on them. It's more akin to someone cracking an encryption methodology and then semi-quietly telling the community "Hey. Um... You should maybe update your code cause it's not secure anymore". Which is a good thing.

Having said that, anyone totally relying on Tor as a means of doing say illegal stuff and not getting caught was/is foolish as hell. The first thing to realize about any form of network security (and Tor isn't even really that since it just makes the transport more difficult to track), is it's always about effort to secure versus effort to reveal. The best rule of thumb is and always will be that if you don't want someone to know something *ever*, don't put it on a network *ever*.

Edited, Aug 1st 2014 2:47pm by gbaji
____________________________
King Nobby wrote:
More words please
#15 Aug 01 2014 at 4:00 PM Rating: Good
Liberal Conspiracy
*******
TILT
I think most of us are well aware of what Tor is and are just using other services as an easy illustration to describe our mindsets rather than drawing exact equivalences.
____________________________
Belkira wrote:
Wow. Regular ol' Joph fan club in here.
#16 Aug 01 2014 at 4:06 PM Rating: Excellent
Meat Popsicle
*****
13,666 posts
I assumed it was a network used specifically for privacy and anonymity. I have no idea where I got that from.

Edited, Aug 1st 2014 3:08pm by someproteinguy
____________________________
That monster in the mirror, he just might be you. -Grover
#17 Aug 01 2014 at 4:15 PM Rating: Good
Liberal Conspiracy
*******
TILT
I assumed it was a science fiction and fantasy publishing house. One used to download underage drug ****.
____________________________
Belkira wrote:
Wow. Regular ol' Joph fan club in here.
#18 Aug 01 2014 at 4:32 PM Rating: Decent
Encyclopedia
******
35,568 posts
Jophiel wrote:
I think most of us are well aware of what Tor is and are just using other services as an easy illustration to describe our mindsets rather than drawing exact equivalences.


Sure. If that's the story you're going to stick to. Smiley: dubious
____________________________
King Nobby wrote:
More words please
#19 Aug 01 2014 at 4:41 PM Rating: Good
Liberal Conspiracy
*******
TILT
Sorry. You can pretend to be an expert in facets of jewelry web site design that no one else knows about if you'd like.
____________________________
Belkira wrote:
Wow. Regular ol' Joph fan club in here.
#20 Aug 01 2014 at 5:13 PM Rating: Good
***
3,053 posts
Smiley: madJophSmiley: mad

I don't need gbaji long winded input on what I should do on my jewelry site.
____________________________
In the place of a Dark Lord you would have a Queen! Not dark but beautiful and terrible as the Morn! Treacherous as the Seas! Stronger than the foundations of the Earth! All shall love me and despair! -ElneClare

This Post is written in Elnese, If it was an actual Post, it would make sense.
#21 Aug 01 2014 at 7:32 PM Rating: Good
Ghost in the Machine
Avatar
******
36,443 posts
gbaji wrote:
The best rule of thumb is and always will be that if you don't want someone to know something *ever*, don't put it on a network *ever*.


I thought it was 'always be the smartest guy in the room'. Chat room, I suppose.
____________________________
Please "talk up" if your comprehension white-shifts. I will use simple-happy language-words to help you understand.
#22 Aug 01 2014 at 8:02 PM Rating: Good
I know we all get irritated with gbaji now and then, but let's not condemn him to solitary confinement.
#23 Aug 04 2014 at 9:40 AM Rating: Excellent
Meat Popsicle
*****
13,666 posts
Mazra wrote:
gbaji wrote:
The best rule of thumb is and always will be that if you don't want someone to know something *ever*, don't put it on a network *ever*.


I thought it was 'always be the smartest guy in the room'. Chat room, I suppose.
Naw you don't want to be that far above your competition, the best rules of thumb should be opposable.
____________________________
That monster in the mirror, he just might be you. -Grover
#24 Aug 04 2014 at 11:10 AM Rating: Good
Lunatic
******
30,086 posts
I'm getting the distinct impression most of you don't know what Tor is.

This is known as the "false consensus" effect, where you assume everyone are idiots because all of the people in your immediate circle of friends are slack jawed fucking morons. My nine year old knows what Tor is from watching Minecraft videos on youtube where people make jokes about it. They make jokes about it in a "let's play" for a children's game because, and this is important, *nearly everyone who isn't computer illiterate and under the age of 90 know what it is*. They talk about it on fucking House of Cards, a show aimed at baby boomers. Among others. Probably fucking Hannah Montana. It's not a secret. Other things *everyone* reading this already understands:

PGP
Bitcoin/dogecoin/etc (batcoin most completely, obviously)
3d Printing
High Frequency Trading
Bacon
Salsa Dancing
Elephants

Please spare us your urges to attempt to "explain" any of the above. Comedy is one thing, but it frequently ends out being painful to read because you are such a horrible writer. Thanks in advance.
____________________________
Disclaimer:

To make a long story short, I don't take any responsibility for anything I post here. It's not news, it's not truth, it's not serious. It's parody. It's satire. It's bitter. It's angsty. Your mother's a *****. You like to jack off dogs. That's right, you heard me. You like to grab that dog by the bone and rub it like a ski pole. Your dad? Gay. Your priest? Straight. **** off and let me post. It's not true, it's all in good fun. Now go away.

#25 Aug 04 2014 at 11:16 AM Rating: Excellent
Liberal Conspiracy
*******
TILT
Wait. Ele-whats?
____________________________
Belkira wrote:
Wow. Regular ol' Joph fan club in here.
#26 Aug 04 2014 at 11:40 AM Rating: Good
Skelly Poker Since 2008
*****
16,781 posts
TOR is The Old Republic. I don't play Star Wars so didn't bother with this message.

Still, I have taken to clearing my browser history regularly as it allows me to continue reading my free articles from my local newspaper well beyond the allotted ten per month.

gbaji knows.
____________________________
Alma wrote:
I lost my post
« Previous 1 2
Reply To Thread

Colors Smileys Quote OriginalQuote Checked Help

 

Recent Visitors: 318 All times are in CST
Anonymous Guests (318)