[NSA INFO] For users of The Onion Router and it's associated Browser - Wrestling Forum : WWE, TNA, Debate League, Wrestling Videos, Women of Wrestling Forums
Reply

Old 10-07-2013, 02:43 PM   #1 (permalink)
Stealing the Show
 
Ziggler Mark's Avatar
 
Join Date: Jan 2012
Location: Brooklyn, NY
Posts: 7,417
Ziggler Mark is making a name for themselvesZiggler Mark is making a name for themselvesZiggler Mark is making a name for themselvesZiggler Mark is making a name for themselvesZiggler Mark is making a name for themselvesZiggler Mark is making a name for themselvesZiggler Mark is making a name for themselvesZiggler Mark is making a name for themselvesZiggler Mark is making a name for themselvesZiggler Mark is making a name for themselvesZiggler Mark is making a name for themselves
Default [NSA INFO] For users of The Onion Router and it's associated Browser

In short, the Onion Router (TOR) is a service that was spawned to help people anonymously browse the web. Turns out it's being fiddled with by the NSA in an effort to get info on anonymous browsers. Read the article below, even if you don't know what TOR is.

TL;DR version is as basic as this. The NSA is funded primarily by the NSA, and your anonymity is not something you should assume.

Source: http://news.cnet.com/8301-1009_3-576...ind-tor-users/

Quote:
Just because the National Security Agency hasn't cracked the anonymizing service Tor doesn't mean that people who use the service are free from surveillance.

The NSA has been able to use ad networks like Google's, and The Onion Router's own entry and exit nodes on the Internet, to follow some Tor users, according to a new report based on documents leaked by whistleblower Edward Snowden and obtained by security researcher Bruce Schneier with the Guardian. Tor is primarily funded by the US State Department and the Department of Defense, home of the NSA.

Tor promotes itself as helping people "defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security."

Robert Hansen, a browser specialist at the security firm White Hat Security, said that Tor access node tracking is not new.

"A couple of years ago a hacking group published exactly 100 embassy passwords from Tor exit nodes. One hundred is too round of a number," he said. "Just logically there must be more. If you get enough exit nodes and entrance nodes, they can be correlated together."

Director of National Intelligence James Clapper criticized reporters and denied that his office was doing anything illegal, citing the threat of "adversaries."

The articles fail to mention that the Intelligence Community is only interested in communication related to valid foreign intelligence and counterintelligence purposes and that we operate within a strict legal framework that prohibits accessing information related to the innocent online activities of US citizens.

The system that the NSA uses to locate and identify Tor users begins, at least sometimes, with the buying of ads on networks like Google's AdSense.

"Just because you're using Tor doesn't mean that your browser isn't storing cookies," said Jeremiah Grossman, a colleague of Hansen's who also specializes in browser vulnerabilities.

As Grossman described the procedure to CNET, the NSA is aware of Tor's entry and exit nodes because of its Internet-wide surveillance.

"The very feature that makes Tor a powerful anonymity service, and the fact that all Tor users look alike on the Internet, makes it easy to differentiate Tor users from other Web users," he wrote.

The NSA buys ads from ad display companies like Google and seeds them around Tor's access points.

"The NSA then cookies that ad, so that every time you go to a site, the cookie identifies you. Even though your IP address changed [because of Tor], the cookies gave you away," he said.

This is not some complicated or even an unusual trick, Grossman said. It's how tracking ads were intended to function.
"That's the Web by design, not a hack," he said.

The NSA, he said, is not spending much money on it since Internet ads are so cheap. Grossman speculated that an ad campaign would only cost around $1,000 to seed ads with the NSA's cookies around the Web.

"$50,000 would be overkill," he said.

Because the NSA is essentially using how the Web functions to spy on its users, tools like Tortilla that take the burden of Tor usage away from Firefox wouldn't prevent the NSA's tracking ads from finding people.

It wouldn't be feasible for Google to block ad buys from the NSA, and if the company did, he said, "they could just buy through a proxy."
Google did not respond to a request for comment.

Both Tor itself and Schneier noted that the NSA has not been able to track every Tor user this way. "They are hard for any organization other than the NSA to reliably execute, because they require the attacker to have a privileged position on the Internet backbone," Schneier said.

Grossman speculated that the NSA could be using spam e-mail campaigns as it's been using display ads, though he cautioned that he didn't have evidence that this was actually happening.

"On the off chance that [the spam recipient] renders the HTML or clicks a link, [the NSA] can connect your e-mail address to your browser," he explained, which the NSA would have already connected to an IP address. "Using Tor or any proxy wouldn't prevent it."

Not all Tor installations are created equal, added Hansen, who has an unusual pedigree in the browser vulnerability field because he's also a veteran of the ValueClick ad network, which was later bought by DoubleClick, which subsequently was purchased by Google.

"It depends on whether you're using Tor Button or Tor Browser," he said. "The Tor Button tends to be more secure because as you jump in and out of the Tor Browser, it tracks cache and cookies."

However, since the Tor Project now includes a patched version of Firefox, it recommends not using the Tor Button and only using the standard Tor Browser Bundle instead.

More secure than either, Hansen said, was to run Tor on a virtual machine so that cookies and cache are dumped when the machine is closed, and the kind of man-in-the-middle and man-on-the-side attacks described by Schneier are avoided.

"If you don't take the critical steps to protect your privacy, you will be de-cloaked if you're doing something interesting," Hansen said.
__________________


Avatar Mafia: Town Savior
2012 Technology Section Poster of the Year
Heroes of Newerth Mafia: Flawless Victory (MVP)
Ziggler Mark is offline   Reply With Quote
Sponsored Links
Advertisement
 

Old 10-07-2013, 11:43 PM   #2 (permalink)
Acknowledged by SCOTT STEINER
 
Join Date: Jan 2013
Posts: 1,061
sizor needs to take rep more serioussizor needs to take rep more serioussizor needs to take rep more serioussizor needs to take rep more serioussizor needs to take rep more serioussizor needs to take rep more serioussizor needs to take rep more serioussizor needs to take rep more serious
Default Re: [NSA INFO] For users of The Onion Router and it's associated Browser

Silkroad got shut down a couple of days ago

so many huge sites are also down

FBI is doing their job
FBI- stop please! let us surf free on TOR
__________________
Quote:
Originally Posted by FourWinds View Post
A bit off topic but I played WW'13 recently, I interfered in a match between Kofi and HHH and accidently hit Trips with my finisher instead of Kofi. I went from the Raw roster to wrestling Brodus on Superstars. Gotta admit the game is pretty accurate...bastard buried me on my own game.
sizor is offline   Reply With Quote
Reply



Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are On


VerticalSports
Baseball Forum Golf Forum Boxing Forum Snowmobile Forum
Basketball Forum Soccer Forum MMA Forum PWC Forum
Football Forum Cricket Forum Wrestling Forum ATV Forum
Hockey Forum Volleyball Forum Paintball Forum Snowboarding Forum
Tennis Forum Rugby Forums Lacrosse Forum Skiing Forums
Copyright (C) Verticalscope Inc Search Engine Friendly URLs by vBSEO 3.3.2
Powered by vBulletin Copyright 2000-2009 Jelsoft Enterprises Limited.
vBCredits v1.4 Copyright ©2007, PixelFX Studios