But this is the Firefox / Tor Browser Bundle exploit. The question is how the FBI gained access to Freedom Hosting. What kind of exploits did they use?
Pavol

On Mon, Aug 05, 2013 at 09:08:49PM -0500, Kyle Maxwell wrote:
> According to THN[0] and several linked supporting sites from there
> (particularly notable are analyses from Kenneth Buckler[1] and Vlad
> Tsyrklevich[2]), the payload delivered the MAC address and Windows
> hostname to 65.222.202.54[3]. I've read in public sources that that
> address is assigned to SAIC but I have not seen any hard data on that.
>
> [0]:
> http://thehackernews.com/2013/08/Firefox-Exploit-Tor-Network-child-pornography-Freedom-Hosting.html
> [1]:
> https://code.google.com/p/caffsec-malware-analysis/source/browse/trunk/TorFreedomHosting/
> [2]: http://tsyrklevich.net/tbb_payload.txt
>
> On Mon, Aug 5, 2013 at 8:22 PM, <liberationt...@lewman.us> wrote:
> > On Mon, Aug 05, 2013 at 06:18:02PM -0400, r...@privacymaverick.com wrote
> > 0.6K bytes in 0 lines about:
> > : Does anybody have any indication on how the alleged operator of
> > : Freedom Hosting was identified. Everybody seems to be focusing on
> > : the javascript exploit but from what I've read, it appears that was
> > : placed on the server after the alleged operator was taken down and
> > : the operation compromised, or is my timing off?
> >
> > This is far more interesting to me than anything else. I've been
> > wondering the same thing.
>
> --
> @kylemaxwell
> --
> Liberationtech list is public and archives are searchable on Google. Too many
> emails? Unsubscribe, change to digest, or change password by emailing
> moderator at compa...@stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech

--
______________________________________________________________________________
[Pavol Luptak, Nethemba s.r.o.] [http://www.nethemba.com] [tel: +421905400542]