[PLUG] tor browser
Inkar Nation
look.kool at guruvision.com
Thu Aug 13 06:46:32 IST 2015
On Wednesday 12 Aug 2015 6:14:37 PM Vikas Tara wrote:
> On 12/08/15 17:39, ThinRhino wrote:
> > On 12-08 14:27, Vikas Tara wrote:
> >> On 12/08/15 13:57, ThinRhino wrote:
> >>>>> Yes it can make you anonymous, but there are also known flaws and
> >>>>> weaknesses that can be exploited.
> >>>
> >>> Can you point to any links to news reports on browser exploits.
> >>
> >> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1690
> >> was apparently used for exactly this purpose.
> >> https://community.rapid7.com/community/metasploit/blog/2013/08/07/heres-t
> >> hat-fbi-firefox-exploit-for-you-cve-2013-1690>
> > Basically it was a Firefox bug, which was exploited! Also the bug was for
> > FF 17.x and we are on FF 40.x today!
>
> Sorry - I should have been a bit more clear. The issue that I would like
> to highlight is that
> the browser bundle is dependant on components and any one of them could
> be open to
> exploit.
>
> Firefox ESR is one possibility - and as shown - has potentially already
> been used for defeating tor. I agree this
> was some time ago, but it was the first example that I found.
>
> Being on 17.x or 40.x doesn't mean that there couldn't be an exploit,
> know to someone, that could compromise anonymity.
>
> I guess people should know what the risks are and make their choices
> with that knowledge.
>
I tend to agree with Vikas on the argument that there could be possible
exploit... Nothing in this world guarantees absolute security, not even
silence (psi-lens)
--
Consultant Spirituel
GuRuV!SiON
More information about the plug-mail
mailing list