back to article Tor fingers Firefox flaw for FAIL but FBI's also in the frame

Tor has confirmed the existence of malware that has taken down some of its hidden nodes - and says flaws in Firefox are at the heart of the problem. The network anonymising service yesterday noted the disappearance of some nodes on its network. The outfit hasn't offered any more insight into what's down, or exactly what …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Be careful what you ask for

    Legal use is fine but piracy can cost you years in prison regardless of whom you blame for your bad choices.

    1. Tom 7 Silver badge

      Re: Be careful what you ask for

      not if you can get Obama on your side.

  2. Martin Maloney
    Go

    Why use Tor?

    The main problem with Tor is that it transports you back to the days of dial-up. Yep, it's that slow. (Well, not quite -- it just seems that way.)

    If you want both security and speed, then VPN is the only way to go. There are even free VPN services.

    Setting up a PPTP VPN doesn't require that you download and install software. It works on Windows, Mac OS, Linux and Android.

    1. Wild Bill

      Re: Why use Tor?

      If you're after security and privacy, then you'd be an idiot to use a free VPN

    2. Paul Crawford Silver badge

      Re: Why use Tor?

      PPTP is not terribly secure and has no real defence (AFIK) against man-in-the-middle attacks.

      OpenVPN is probably much better as it should be able to notify you of an SSH certificate change in such circumstances, though not all VPN suppliers support it so well.

      Finally, any "free" VPN is not going to be very fast in general, someone has to pay for the bandwidth needed!

    3. Anonymous Coward
      Pirate

      Re: Why use Tor?

      @Martin - >"There are even free VPN services."

      What's on the other end of these amazing "free VPN services"? CIA servers, or Russian crime syndicate servers?

  3. Jamie Kitson

    Criminal Activity

    Hasn't the FBI just committed a crime?

    1. Anonymous Coward
      Anonymous Coward

      Re: Criminal Activity

      Haha! Is that even possible anymore?

      Man, I remember back when we had judicial oversight of the executive. Good times.

      1. Justicesays
        Trollface

        Re: Criminal Activity

        Don't worry, if by some tiny chance someone manages to get any hard evidence of a crime by an arm of the government, brings it to a Judge who still has some sense of ethics, and gets a conviction, el Pres will just issue pardons all round.

    2. Anonymous Coward
      Coffee/keyboard

      Re: Criminal Activity

      @Jamie - >"Hasn't the FBI just committed a crime?"

      Oh I get it - a joke! Very funny.

  4. Shawn80

    Articles should point out that the exploit in Firefox is Windows only. Not real computers.

    Secure Windows is an oxymoron.

    1. Eradicate all BB entrants

      Ha ha ha ....

      .... real funny. No OS is secure, they all have flaws. So with super insecure Windows, why is OSX the first system breached at the pwn2own contest, purely on the OS flaws?

      1. Jamie Kitson

        Re: Ha ha ha ....

        > No OS is secure, they all have users.

        There, fixed that for you.

      2. Anonymous Coward
        Anonymous Coward

        Re: Ha ha ha ....

        And OS-X has over 2,000 known vulnerabilities - versus the worst ever Microsoft OS - Windows XP - on about 500...

        nb - Linux holds the record with SUSE 10 on over 3,800 vulnerabilities....and well over 900 in the Linux kernel alone

        1. Anonymous Coward
          Anonymous Coward

          Re: Ha ha ha ....

          Microsoft wrote 100% of the code for their OS. Whereas others use certain components from the public realm. Sure you can say that they decided to use it and they are ultimately responsible.

  5. Anonymous Coward
    Anonymous Coward

    It's daft to base a product that allegedly increases your browsing security on a browser product that is five versions out of date. What do you expect, Tor?

    1. Jamie Kitson

      I thought the same, but maybe the Extended Support Release version was useful to them in some way.

      1. Anonymous Coward
        Anonymous Coward

        Re: five versions out of date

        Or, maybe, the point of the Extended Support Release version is to keep an updated/patched firefox browser version compatible with older systems.

    2. Anonymous Coward
      Anonymous Coward

      Actually, the 'daft' part is having five versions in two months. If they slowed down to catch their breath, maybe some of these "issues" would get caught before release.

      Of course, Mozilla is based in America. Could it be these 'flaws' are being placed there as the result of a FISA court order?

      1. Anonymous Coward
        Anonymous Coward

        Actually, the 'daft' part is having five versions in two months. If they slowed down to catch their breath, maybe some of these "issues" would get caught before release.

        You do realise that those five versions are essentially minor releases? If they went back to the old numbering scheme (17.1, 17.2, 17.3, etc) you'd no doubt stop complaining.

        1. Anonymous Coward
          Joke

          17?

          I think you mean 4.1, 4.11, 4.2, etc.

  6. envmod

    if you've ever used TOR for anything illegal

    you're fucked.

    1. UnauthorisedAccess
      Big Brother

      Re: if you've ever used TOR for anything illegal

      ...or more specifically, if you've ever used the TOR Browser Bundle that uses Firefox 17 on Windows, had javascript enabled, used it during the period where the FBI had implemented the malware on some onion sites, were also doing things that were illegal (and those illegal things are the ones that the FBI are targeting) then you are fucked.

      Note that if the intended targets are the peddlers and consumers of child exploitation material, then great, I'm all for it (though I wish they could employ different methods)!

  7. Paul V

    Or, conversely, just hit that button that says "Enable Javascript"

    And watch 99.9% of your browser-based security problems disappear, including FBI Javascript Malware.

    Unless the attack method of what they set up is different than what I've seen reported..

    1. Sir Runcible Spoon Silver badge
      Coat

      Re: Or, conversely, just hit that button that says "Enable Javascript"

      Why would enabling Javascript help?

      1. Paul V

        Re: Or, conversely, just hit that button that says "Enable Javascript"

        You're right. I should have said "uncheck the box labelled.."

  8. Dave 32

    Firefox 23

    I just installed Firefox 23 this morning.

    Dave

    1. Gene Cash Silver badge
      WTF?

      Re: Firefox 23

      It's interesting to see Firefox 23 no longer has the "disable javascript" option in preferences any more...

  9. Anonymous Coward
    Anonymous Coward

    It's going to be Operation Ore all over again...

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019