Intermarkets' Privacy Policy
Support
Moron Meet-Ups
MI/Midwest Meet-up:
10/5-10/6/2018

It has a website!

SoCal Meet-up: 8/25/2018 In Irvine CA
Contact Jim

NY/NJ MoMe: 8/23/2018, 6pm-9pm in Hoboken
Contact CBD

Central NJ MoMe: 10/13/2018: Hillsborough-Somerset County
Contact fenelonspoke

SW Ohio MoMe: 10/20/2018, 7-10pm in Dayton OH
Contact ibguy

Texas MoMe: 10/20/18
Contact Ben Had
« Overnight Open Thread (13 Sep 2013) | Main | Saturday Morning Open Thread »
September 14, 2013

Govt kinda admits to controlling TOR servers and distributing malware snooping hack

This has been bubbling around geek-space for a few days now, expect it to go mainstream in the next week or two now that geeks have figured out all the particulars and know exactly how the malware works.

On August 4, all the sites hosted by Freedom Hosting — some with no connection to child porn — began serving an error message with hidden code embedded in the page. Security researchers dissected the code and found it exploited a security hole in Firefox to identify users of the Tor Browser Bundle, reporting back to a mysterious server in Northern Virginia. The FBI was the obvious suspect, but declined to comment on the incident. The FBI also didn’t respond to inquiries from WIRED today.
...the malware only targeted Firefox 17 ESR, the version of Firefox that forms the basis of the Tor Browser Bundle – the easiest, most user-friendly package for using the Tor anonymity network. That made it clear early on that the attack was focused specifically on de-anonymizing Tor users....
Prior to the Freedom Hosting attack, the code had been used sparingly, which kept it from leaking out and being analyzed.
Ostensibly, this was all done as part of a child porn investigation, but many legit users were also caught up in it and had their security compromised by the malware too.

The child porn angle makes it a lot harder to criticize, particularly since there seems to be genuine malefactors involved rather than a generic fishing expedition. However, the notion of shotgunning active malware out onto the general public's computers and hoping to snag a known culprit in that wide net is something that needs discussing. I'm not sure where I am on this one yet.

To the FBI's credit, the hack code is quite limited in scope and reasonably well crafted from my cursory examination. Basically its circumventing annonymization by sending your hostname and unique LAN card ID's (MAC address) to the FBI. With the MAC address, subsequent standard router packet sniffs could trace your internet traffic anywhere it goes.

Even though child porn was involved, in this instance, this practice leaves me with a queasy feeling. Is there ever an end to this shit?, lines that won't be crossed? Its looking like the answer is no.


Oh, and RIP Burn Notice. Damn, it seems like only yesterday it premiered...

Some of the tech and Michael's sidebar commentary were wildly inaccurate, impossible and/or flat out crazy wrong in real life, but some was spot on too. Initially I found that annoying, but it became part of the schtick and I accepted it, like some of the ridiculous science defying tech in Leverage or Nikita. It was only annoying until you'd bought into the fakey "reality" of that universe and decided you wanted to like the show then it was OK.


digg this
posted by Purp at 01:57 AM

| Access Comments




Recent Comments
Kindltot: "[i]I was watching the robins in my yard hunting fo ..."

Soothsayer -- Fake Commenter: "*Lightbulb*I'm doing laundry now and just had a br ..."

Locarno: "Responding to those asking about the size of anima ..."

Deplorable Jay Guevara, now with an added spark of divinity [/i][/s][/b]: "[i]Funny you should use the term "social construct ..."

Puddin Head: "Cereal question - in Spainish or Latin is the word ..."

Democrats: " Do you know people in the USA are now being char ..."

Willowed JAS: "Having fun reading the volcanoes killed the dinasa ..."

Braenyard: "God said "let there be.." and BANG, there it was. ..."

Fritz: ">>>So they go meep, meep!, too?<<&l ..."

Optimizer: "161 If gender is just a social construct why do pe ..."

Ptomaine Poisoning: "[i]As far as Round Up goes, why don't we feed a bu ..."

Soothsayer -- Fake Commenter: "Wasn't there a salad dressing called Pfeiffer? ..."

Recent Entries
Search


Polls! Polls! Polls!
Frequently Asked Questions
The (Almost) Complete Paul Anka Integrity Kick
Top Top Tens
Greatest Hitjobs

The Ace of Spades HQ Sex-for-Money Skankathon
A D&D Guide to the Democratic Candidates
Margaret Cho: Just Not Funny
More Margaret Cho Abuse
Margaret Cho: Still Not Funny
Iraqi Prisoner Claims He Was Raped... By Woman
Wonkette Announces "Morning Zoo" Format
John Kerry's "Plan" Causes Surrender of Moqtada al-Sadr's Militia
World Muslim Leaders Apologize for Nick Berg's Beheading
Michael Moore Goes on Lunchtime Manhattan Death-Spree
Milestone: Oliver Willis Posts 400th "Fake News Article" Referencing Britney Spears
Liberal Economists Rue a "New Decade of Greed"
Artificial Insouciance: Maureen Dowd's Word Processor Revolts Against Her Numbing Imbecility
Intelligence Officials Eye Blogs for Tips
They Done Found Us Out, Cletus: Intrepid Internet Detective Figures Out Our Master Plan
Shock: Josh Marshall Almost Mentions Sarin Discovery in Iraq
Leather-Clad Biker Freaks Terrorize Australian Town
When Clinton Was President, Torture Was Cool
What Wonkette Means When She Explains What Tina Brown Means
Wonkette's Stand-Up Act
Wankette HQ Gay-Rumors Du Jour
Here's What's Bugging Me: Goose and Slider
My Own Micah Wright Style Confession of Dishonesty
Outraged "Conservatives" React to the FMA
An On-Line Impression of Dennis Miller Having Sex with a Kodiak Bear
The Story the Rightwing Media Refuses to Report!
Our Lunch with David "Glengarry Glen Ross" Mamet
The House of Love: Paul Krugman
A Michael Moore Mystery (TM)
The Dowd-O-Matic!
Liberal Consistency and Other Myths
Kepler's Laws of Liberal Media Bias
John Kerry-- The Splunge! Candidate
"Divisive" Politics & "Attacks on Patriotism" (very long)
The Donkey ("The Raven" parody)
Powered by
Movable Type 2.64