4chan
/g/ - Technology
File: 1375595484379.gif-(393 KB, 493x342, tumblr_me9v45s1pd1r4wbhxo1_500[1].gif)
byebye tor i guess

why the fuck was 50% of all of tor websites hosted on a single website, talk about bringing the entire down in a single swoop
>>
>why?
People are too lazy to host their own hidden service. I hope this taught them a lesson.
>>
It only even affects people who are retarded enough not to use NoScript

But still you shouldn't rely completely on any single system for anonymity
>>
File: 1375595778597.jpg-(22 KB, 200x302, 200px-The_Moon_Is_A_Harsh(...).jpg)
>>35760029
I know, right
>>
>>35760029
>It only even affects people who are retarded enough not to use NoScript
Apparently, that's a lot of people.

Lots of people (including government employees) also do things like send account authentication information over http on Tor, as evidenced by things like Marlinspike's sslstrip experiment.

People are lazy and stupid.
>>
>>35760029
i doubt tor will ever recover, seriously having one host cover more than 50% was a death sentence for tor
>>
Wait what happened?
>>
>>35760100
basically the owner of freedom hosting got arrested which hosted like more then 50% of all tor sites
>>
>>35760098
well yeah, there is that
It may well be over for most hidden services
>>
>>35760118
Oh, that sucks. Is there an article about this anywhere? Searching doesn't bring up much.
>>
>>35760142
yeah
http://www.reddit.com/r/SilkRoad/comments/1jnd42/warning_tormail_compromised_owner_arrested_by_fbi/
>>
>>35760142
also there's now some javascript on the sites that probably tracks people who visit freedom hosting sites
>>
>>35760176
If people are stupid enough to go on sites that host illegal content with javascript enabled they deserve to be tracked.
>>
>>35760201
not just illegal sites but more than half of all tor sites, legal or illegal

so yeah rip tor
>>
At least I can still buy my drugs.
>>
http://www.reddit.com/r/onions/comments/1jmrta/founder_of_the_freedom_hosting_arrested_held/
http://pastebin.mozilla.org/2777139

So apparently the FBI has injected an iframe on every page of every site hosted by Freedom Hosting.
This iframe calls back to a Verizon-hosted IP, which then loads what appears to be a 0-day JS exploit that does god knows what, most likely attempting to gain shell access in order to callback via clearnet, alternatively to install backdoors or trojans.

However, here's the kicker: It only targets Firefox v17 and above, and only NT based systems.
>>
>>35760543
Every time I hear "here's the kicker" I hear that stupid parrot from that car commercial
I'm being brainwashed by obongo to lose muh freedoms
>>
>>35760579
%0 apr.
>>
>>35760811
stahp plz
>>
>>35759975 (OP)
The point of Tor was never to host content like that. It's to allow a user to navigate the normal internet anonymously. Nothing of value has been lost here; Tor is fine.
>>
>>35759975 (OP)
so something strange is happening fh. but where WHERE does it say anything about fh in ANY article?
>>
ITT: pedos mad their favorite child porn site got shut down
>>
It has nothing to do with Tor itself or the security of it, morans. Also how fucking hard can it be to host a shitty httpd as a hidden service on your own.
>>
What about muh silk road?
>>
Fucking pedophiles enjoy your anus being enterrained by nigger dicks.
>>
>>35765580
What I'd like to know is, is it an exploit which requires JavaScript to be enabled? Because I'd have thought they'd be able to bypass if JavaScript was disabled and still inject the scripts?

Also, my iframe scripts were enabled but JavaScript was off.
>>
>>35765561
>Also how fucking hard can it be to host a shitty httpd as a hidden service on your own.
Pretty fucking hard, actually.
Running the server within a Secure OS VM inside of a secure OS is the minimum level of paranoia you need for that shit.
>>
>stash cache is still up

All is right with the world.
>>
what sites are down? the popular ones... how did FBI know who was hosting them anyway if it's anonymous
>>
>>35765649
Because the hosting company knew.

Because encryption has been cracked.

Because Tor has design flaws.
>>
Next comes silk road.
>>
is this the guy who hosted opva2 and LC?
>>
>>35765580
Last time I heard about sharing CP, is that "We shared homemade CP thorough modified winmx and freenet".

I don't think both could be affects by TOR.
>>
>>35765694
do you english?
>>
silkroad isn't down? what about atlantis?
fuck, the whole cryptocoin economy will crash if those sites don't work anymore.
>>
>>35765694
Gods I hope not. So much gold on there I never got to.
>>
File: 1375619985466.jpg-(67 KB, 446x597, USA.jpg)
>>35760118
>more then
The word you should've used is "than".
>>
>>35760543
>It only targets Firefox v17 and above, and only NT based systems.
Kicker? Seems to be obvious. You need FF =>17 for Tor and Windows, well, it's Windows.
>>
File: 1375620171081.jpg-(1009 KB, 2299x3336, 3d_children_crime.jpg)
Daily reminder.
>>
>>35760543
Retard

Targets Firefox version 17 and lower. This is the version (17.0.7) that you're required to use for TOR on Windows.[1]

It would take a long time to walk through what's being done, and even that isn't likely to be helpful. There's a lot of Array, Int32Array, and ArrayBuffer allocation and retrieval. It's possible one of the larger strings is for injecting code into memory. It doesn't look at the guid stored in the cookie or the query param. If it is a memory injection, your guess is as good as mine.[2]

Just my sense for staring at this for an hour. I know JavaScript, but I'm not a security expert.

Original iframe w/ ?requestID=<guid>: http://pastebin.com/HcGRQk2N (with HTML)
content_1.html: <connection reset> (only used for versions of Firefox less than 17)
content_2.html: http://pastebin.com/7sTk8bgx
content_2.html?????: http://pastebin.com/t9x4GHr1 (same as content_2.html)
content_3.html: http://pastebin.com/GGCny4Vb
error.html: <connection reset> (it's likely meant to fail)

https://news.ycombinator.com/item?id=6154246

Version 17 or below not above.

Obviously that makes much more sense since bugs get fixed, the older versions won't have the bugs fixed.
>>
>>35765819
Yes I read HN too
>>
so Tor is still secure it is just the server was "exploited" right?

what now?
>>
>>35765607
>it's still not really hard
>>
>>35765972
If you've been on any pedo site on tor in the last week, panic.
If you're not a pedo, do nothing, disable javascript.
>>
>>35765659
Yes, probably not, show 'em.
>>
>>35765972
Nothing.
It's pretty much like saying a computer got 'hacked' because the 'hacker' had physical and free access to it.
>>
Wasn't /g/ 'working on' a cryptonet project?

I guess that failed.
>>
>>35765981
i always disable javascript when tor launches before going to any website. last time i used tor was 2 weeks i think.. i know i have not used it over 7 days..
>>
>>35765972
TOR is not compromised.
They used an exploit in Firefox.
Just like finding exploits in JavaScript/Add ons.

TOR itself is safe
>>35765981

Some people say that even having JavaScript turned off won't be enough, nor do I know for sure.
But nonetheless it's done with iframes.
>>
>>35765973
You're making a server that's a target.
People are going to be shooting at it.
>>
http://www.independent.ie/irish-news/courts/fbi-bids-to-extradite-largest-childporn-dealer-on-planet-29469402.html
>The court heard evidence that large sums of money had passed through his bank accounts, including large payments sent to accounts in Romania.

So again, this is the product of classical police work.
>>
>>35766094
It's no surprise that the people using his hosting were sending him money.

shoulda used buttcoin.. or something.
>>
DBAN HDD on 17th July, have not gone on a Tor site since... only anonchan, i disabled the JS every time Tor launches.
>>
Was there anything worthwhile among those sites?
>>
>>35766030
There are options for secure webservers, operating systems, you can rent some shitty server in east europe. I see that my grandmother couldn't do it, but not when you're somewhat profound and able to read a man page.
>>
>>35766160
CP, so no.
Tormail, so no.

Better using a shitty 20mb max and use pgp or gpg.

