Re: [tor] Re: torservers.net future
Barton Gellman claims in Dark Mirror that NSA hacked Tor Browser Bundle. (pp.79-81). Snowden warned "disable the fucking Javasripts." https://twitter.com/Cryptome_/status/1265658170195804164 At 10:27 AM 5/27/2020, you wrote:
From: Vasilis <andz@torproject.org> To: torservers@freelists.org Subject: Re: [tor] Re: torservers.net future
Hi all,
Any news?
Regards, ~Vasilis -- PGP Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 PGP Public Key: https://keys.openpgp.org/vks/v1/by-fingerprint/8FD5CF5F39FC03EBB38274705FBF7...
First grarpamp, now John Young! These breaches of the public trust by our "esteemed" Western institutions is a source of great anger for some. The evident compromises that have and continue to exist within organisations such as the Tor Inc board, is entirely insidious. To channel Jordan Peterson: "like, what the hell?!" I know we're not supposed to shoot the messenger but with all these reminders, I dunno, sheeirt, shirt's going down muh grits! On Wed, May 27, 2020 at 10:59:30AM -0400, John Young wrote:
Barton Gellman claims in Dark Mirror that NSA hacked Tor Browser Bundle. (pp.79-81). Snowden warned "disable the fucking Javasripts."
https://twitter.com/Cryptome_/status/1265658170195804164
At 10:27 AM 5/27/2020, you wrote:
From: Vasilis <andz@torproject.org> To: torservers@freelists.org Subject: Re: [tor] Re: torservers.net future
Hi all,
Any news?
Regards, ~Vasilis -- PGP Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 PGP Public Key: https://keys.openpgp.org/vks/v1/by-fingerprint/8FD5CF5F39FC03EBB38274705FBF7...
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Wednesday, May 27, 2020 2:59 PM, John Young <jya@pipeline.com> wrote:
Barton Gellman claims in Dark Mirror that NSA hacked Tor Browser Bundle. (pp.79-81). Snowden warned "disable the fucking Javasripts."
it's all about attack surface (to a lesser degree, hardening). when FaceBook bought 0day dev against their own user, the weak link was a video player - not Tor Browser, not tor, nor Tails model, but a video implementation inside the security boundary of your nymity protections. C.f.: https://www.schneier.com/blog/archives/2020/06/facebook_helped.html best regards, P.S. a deeper defensive posture, for example Qubes OS, would have rendered the video player exploit useless, as that constrained App VM would not have network egress. of course, add more money for VM escapes, etc. :P and so it goes, ever onward...
On Thu, 18 Jun 2020 23:31:32 +0000 coderman <coderman@protonmail.com> wrote:
the weak link was a video player - not Tor Browser, not tor, nor Tails model,
stick your tor advertising up your ass.
C.f.: https://www.schneier.com/blog/archives/2020/06/facebook_helped.html
piece of jew-shit schneier "I'm fine with the FBI using vulnerabilities: lawful hacking, it's called." "accounts that messaged minors" oh this about feminazi scum and their crimes against humanity, who would have thought it..
On 06/18/2020 04:31 PM, coderman wrote: <snip>
it's all about attack surface (to a lesser degree, hardening).
when FaceBook bought 0day dev against their own user, the weak link was a video player - not Tor Browser, not tor, nor Tails model, but a video implementation inside the security boundary of your nymity protections.
C.f.: https://www.schneier.com/blog/archives/2020/06/facebook_helped.html
From that link:
They also paid a third party contractor "six figures" to help develop a zero-day exploit in Tails: a bug in its video player that enabled them to retrieve the real I.P. address of a person viewing a clip.
That means that it was Tails that failed. Because some process other than Tor was able to reach the Internet. That should have been prevented using iptables. <snip>
P.S. a deeper defensive posture, for example Qubes OS, would have rendered the video player exploit useless, as that constrained App VM would not have network egress. of course, add more money for VM escapes, etc. :P
and so it goes, ever onward...
Even using Whonix would have rendered the video player exploit useless. Because there is no path to the Internet, with forwarding disabled in the gateway VM, and just Tor SocksPorts exposed to the workstation VM.
participants (5)
-
coderman -
John Young -
Mirimir -
Punk-Stasi 2.0 -
Zenaan Harkness