Home | Community | Message Board


This site includes paid links. Please support our sponsors.


Welcome to the Shroomery Message Board! You are experiencing a small sample of what the site has to offer. Please login or register to post messages and view our exclusive members-only content. You'll gain access to additional forums, file attachments, board customizations, encrypted private messages, and much more!

Shop: Original Sensible Seeds Autoflowering Cannabis Seeds   Bridgetown Botanicals Bridgetown Botanicals   Unfolding Nature Unfolding Nature: Being in the Implicate Order   PhytoExtractum Buy Bali Kratom Powder   Kraken Kratom Red Vein Kratom

Jump to first unread post Pages: 1 | 2  [ show all ]
Invisibletdubz
Male User Gallery


Registered: 02/26/12
Posts: 5,586
The FBI Is Classifying Its Tor Browser Exploit Because 'National Security'
    #23379130 - 06/24/16 11:46 PM (7 years, 7 months ago)

http://motherboard.vice.com/read/the-fbi-is-classifying-its-tor-browser-exploit

Quote:

Defense teams across the US have been trying to get access to a piece of malware the FBI used to hack visitors of a child pornography site. None have been successful at obtaining all of the malware's code, and the government appears to have no intention of handing it over.

Now, the FBI is classifying the Tor Browser exploit for reasons of national security, despite the exploit already being used in normal criminal investigations well over a year ago. Experts say it indicates a lack of organization or technical capabilities within the FBI.

“The FBI has derivatively classified portions of the tool, the exploits used in connection with the tool, and some of the operational aspects of the tool in accordance with the FBI's National Security Information Classification Guide,” government attorneys wrote in a filing earlier this month. It came in response to the defense of Gerald Andrew Darby, who is charged with child pornography offenses.

The case is one of many brought forward from the FBI's investigation of dark web child pornography site Playpen. In February 2015, the FBI took over Playpen and deployed a network investigative technique—the agency's term for a hacking tool—in an attempt to identify visitors of the site. That tool used a vulnerability to circumvent the protections of the Tor Browser Bundle, and then grabbed the suspect's IP address and system information. (Mozilla, the maintainers of the Firefox browser that may also been affected, have tried—unsuccessfully—to get access to the vulnerability).



Court documents had previously showed that, bizarrely, it was only the FBI's reason for not wanting to hand over the exploit that was classified. But according to this recent filing, the government is now waiting on a formal, signed document from an FBI Original Classification Authority to confirm that the exploit is itself classified.

“The FBI is arguing that the tool and exploit are not simply sensitive law enforcement information, but that they actually constitute information which must be classified in the interests of national security,” Steven Aftergood from the Federation of American Scientists told Motherboard in an email. To be successfully classified, the exploit must fall into one of several categories listed in Executive Order 13526.

“Which of these categories would apply here? Intelligence sources and methods? Technological activities related to the national security?” Aftergood added. “At first glance, all of them seem like a stretch. It will be interesting to see how FBI defends the move—and whether the court is persuaded.”

According to the Department of Justice, the government has a record of mistakenly and inappropriately invoking classification controls. Aftergood pointed to the DOJ's Office of the Inspector General’s 2013 report, which read “we found several documents in which unclassified information was inappropriately identified as being classified.”

Mark Rumold, senior staff attorney at the Electronic Frontier Foundation told Motherboard in a phone call, “The government is never shy about asserting its classification authority as broadly as it wants to.”

So, why now? Why classify the exploit and other information when myriad cases have already made their way through the courts?

“Either the classified information was originally designated by another agency and the FBI only just found out, or the FBI was the original classification authority, and the designation was overlooked in error at some point down the information supply chain. This could have been due to a lack of organization, technical capabilities, or both,” Ahmed Ghappour, visiting assistant professor at UC Hastings, College of the Law told Motherboard in an email.

In other court documents, the government has vaguely said it doesn’t want to disclose the exploit because it could diminish the future value of investigative techniques; allow individuals to devise counter-measures (or perhaps patch it); and discourage cooperation from third parties and other agencies that rely on these techniques. It also held a closed-off, and apparently convincing, meeting with a judge to explain its reasoning in more detail.

Although classifying material may seem like a surefire way to stop it being disclosed, the FBI's move could open up new legal avenues for defense teams to gain access to it.

The Classified Information Procedures Act (CIPA) is a statute followed when classified information enters a court. It's traditionally used in things like espionage cases, and allows the defense to potentially review classified material.

An FBI spokesperson declined to expand on the information in the recent court filing, or explain the agency's motivations.




Extras: Filter Print Post Top
Invisibletdubz
Male User Gallery


Registered: 02/26/12
Posts: 5,586
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: tdubz]
    #23379135 - 06/24/16 11:47 PM (7 years, 7 months ago)

NSA.


Extras: Filter Print Post Top
OfflineKonyap

Registered: 06/30/07
Posts: 33,945
Loc: Planet Piss
Last seen: 4 years, 2 months
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: tdubz]
    #23379173 - 06/24/16 11:56 PM (7 years, 7 months ago)

:rolleyes:
because they couldn't just set up a fake porn site with all the photo's they have


Extras: Filter Print Post Top
Invisibletdubz
Male User Gallery


Registered: 02/26/12
Posts: 5,586
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: Konyap] * 3
    #23379190 - 06/25/16 12:05 AM (7 years, 7 months ago)

I've said it before an I will again Tor was a social experiment to trick people into falling for bait. Some people got busted some people didn't but I'm sure if you raised enough attention on the dark net you got a visit. Security on the internet is an illusion when you have the NSA sucking data right out of the ISP backbone. 


Edited by tdubz (06/25/16 12:11 AM)


Extras: Filter Print Post Top
OfflineKonyap

Registered: 06/30/07
Posts: 33,945
Loc: Planet Piss
Last seen: 4 years, 2 months
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: tdubz]
    #23379207 - 06/25/16 12:11 AM (7 years, 7 months ago)

Right?
Everyone talks.


Extras: Filter Print Post Top
Invisibletdubz
Male User Gallery


Registered: 02/26/12
Posts: 5,586
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: Konyap]
    #23379216 - 06/25/16 12:15 AM (7 years, 7 months ago)

Who watches over the NSA though and the FBI? Apparently no one....where is Congress where is the Judicial system on these issues? The Senate blocked the FBIs surveillance expansion by 2 votes in which the wording was craftily slipped into another bill. The executive branch seems to think they don't need warrants anymore for anything cyber related, which is starting to become everything.


Edited by tdubz (06/25/16 12:26 AM)


Extras: Filter Print Post Top
Invisibledurian_2008
Cornucopian Eating an Elephant
 User Gallery

Registered: 04/02/08
Posts: 16,693
Loc: Raccoon City
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: tdubz]
    #23380320 - 06/25/16 10:25 AM (7 years, 7 months ago)

Does it not occur to you, that you know nothing about the people providing this service.

Most people's use of the internet is akin to their unflinching trust of mysterious, research chemicals.


I didn't say that the sky is falling.

I said what is this, and who are these people.

How can you know the outcome of this uncalculated risk.


Extras: Filter Print Post Top
OfflineAlan RockefellerM
Mycologist
Male User Gallery
Registered: 03/10/07
Posts: 48,276
Last seen: 3 hours, 56 minutes
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: tdubz]
    #23380335 - 06/25/16 10:29 AM (7 years, 7 months ago)

Quote:

Konyap said:
:rolleyes:
because they couldn't just set up a fake porn site with all the photo's they have




No, because when you connect to a site via tor, they don't get your IP address.

Quote:

tdubz said:
I've said it before an I will again Tor was a social experiment to trick people into falling for bait. Some people got busted some people didn't but I'm sure if you raised enough attention on the dark net you got a visit. Security on the internet is an illusion when you have the NSA sucking data right out of the ISP backbone. 





You obviously have no idea who is running tor.    Look it up - they are very trustworthy.


Quote:

tdubz said:
Who watches over the NSA though and the FBI? Apparently no one....




Actually a lot of people do.  Ever heard of the IG?

https://en.wikipedia.org/wiki/Inspector_general



Quote:

The executive branch seems to think they don't need warrants anymore for anything cyber related, which is starting to become everything.




They still need warrants for almost everything cyber related.


Extras: Filter Print Post Top
Invisibledurian_2008
Cornucopian Eating an Elephant
 User Gallery

Registered: 04/02/08
Posts: 16,693
Loc: Raccoon City
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: Alan Rockefeller]
    #23380348 - 06/25/16 10:33 AM (7 years, 7 months ago)

Quote:

Alan Rockefeller said:
You obviously have no idea who is running tor. 




I admit it. :shrug:


Extras: Filter Print Post Top
Invisibledurian_2008
Cornucopian Eating an Elephant
 User Gallery

Registered: 04/02/08
Posts: 16,693
Loc: Raccoon City
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: durian_2008]
    #23380399 - 06/25/16 10:46 AM (7 years, 7 months ago)

They say that privacy is a threat, when the most culpable people post on Facebook and Twitter (social media). They drop their ID's, here-and-there, and make a speech at the site of their atrocities.


Extras: Filter Print Post Top
OfflineMorel Guy
Stranger
 User Gallery

Registered: 01/23/13
Posts: 15,577
Last seen: 4 years, 1 month
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: Alan Rockefeller]
    #23380508 - 06/25/16 11:29 AM (7 years, 7 months ago)

They can do anything in the name of national security.  It's frighteningly so.  I knew a guy pretty damn well who's been in the White House and CIA buildings.  They do all sorts of things for all sorts of interests.  I think politicians like the favors they get knowing bad dogs.  Power runs deep.


Extras: Filter Print Post Top
OfflineCamwritesgonzo
The Unflushable Stool
Male User Gallery


Registered: 06/09/12
Posts: 2,333
Loc: On Uranus Flag
Last seen: 5 months, 24 days
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: Morel Guy]
    #23380803 - 06/25/16 01:05 PM (7 years, 7 months ago)

So deep, in fact, that it might behoove the public to carry lube so that power doesn't hurt their collective rectum quite so much.


--------------------
"I've always maintained that reality is for those who can't face drugs."-Tom Waits
"I feel the same way about disco as I feel about herpes."-Hunter S. Thompson
A squid eating dough in a polyethylene bag is fast and bulbous, got me?


Extras: Filter Print Post Top
OfflineMorel Guy
Stranger
 User Gallery

Registered: 01/23/13
Posts: 15,577
Last seen: 4 years, 1 month
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: Camwritesgonzo]
    #23380862 - 06/25/16 01:27 PM (7 years, 7 months ago)

Collective reach around?


Extras: Filter Print Post Top
Invisibletdubz
Male User Gallery


Registered: 02/26/12
Posts: 5,586
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: Alan Rockefeller]
    #23382000 - 06/25/16 08:00 PM (7 years, 7 months ago)

That is false, the NSA is overseen by yes the inspector general (which is a part of the NSA an as such would only punish an individuals actions not something that threatens the security of the nation or the agency). The FISA court also has oversight of the NSA but from what I have read they have allowed almost every single request from the agency.

If tor is so trustworthy why are programmers fleeing the United States to avoid possible persecution and or interrogation by the FBI.

The federal courts have ruled that GPS location from your phone is not considered to be protected by the 4th amendment. Had the FBI passed what they wanted in this recent Senate bill neither would emails and browser history. That would equate to pretty much the entire internet history of an individual.

Also it's obvious that the agency they are referring to in the article is the NSA, only now with cyber law legalities raised due to the FBIs latest sting does it force the FBI to use the "National Security" cover in order to protect their behind. Which is the same excuse the government uses anytime it's actions are facing potential legal accountability from the public.

I mean you can't break laws, create laws, and catch criminals at the same time can you? That's not the way agencies should be allowed to function.   


Edited by tdubz (06/25/16 08:11 PM)


Extras: Filter Print Post Top
Invisibletdubz
Male User Gallery


Registered: 02/26/12
Posts: 5,586
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: durian_2008]
    #23382209 - 06/25/16 09:07 PM (7 years, 7 months ago)

I understand that the internet is not your house, but you have at least some partial expectation of privacy on a public road in your car, should you not on the internet from your computer as well?


Extras: Filter Print Post Top
OfflineAlan RockefellerM
Mycologist
Male User Gallery
Registered: 03/10/07
Posts: 48,276
Last seen: 3 hours, 56 minutes
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: tdubz]
    #23382235 - 06/25/16 09:16 PM (7 years, 7 months ago)

Quote:

tdubz said:
If tor is so trustworthy why are programmers fleeing the United States to avoid possible persecution and or interrogation by the FBI.




Who did that?



Quote:

The federal courts have ruled that GPS location from your phone is not considered to be protected by the 4th amendment. Had the FBI passed what they wanted in this recent Senate bill neither would emails and browser history. That would equate to pretty much the entire internet history of an individual.





Third parties are not bound by the 4th amendment.


Extras: Filter Print Post Top
OfflineKonyap

Registered: 06/30/07
Posts: 33,945
Loc: Planet Piss
Last seen: 4 years, 2 months
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: Alan Rockefeller]
    #23382273 - 06/25/16 09:27 PM (7 years, 7 months ago)

Quote:

Alan Rockefeller said:
Quote:

Konyap said:
:rolleyes:
because they couldn't just set up a fake porn site with all the photo's they have




No, because when you connect to a site via tor, they don't get your IP address.






that's the point of their "mal-ware"
they probably had stacks and stacks of IP's before tor
have you heard of all the stuff win10 does?
you have no privacy anymore

if they want something they can just send a email and have the website do whatever they want
they just need to write the law first

child porn no
we should be as lucky to see anything else in broad daylight that they want to "cover up"
it works for china and japan


Edited by Konyap (06/25/16 09:30 PM)


Extras: Filter Print Post Top
Invisibletdubz
Male User Gallery


Registered: 02/26/12
Posts: 5,586
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: Konyap]
    #23382306 - 06/25/16 09:36 PM (7 years, 7 months ago)

Unlike China and Japan who just block it outright it seems that America want's to trick it's citizens into committing crimes that otherwise would be much more difficult to commit. A genocide if you will to weed out the criminals. That is what I believe Tor is an continues to be. You don't hear anything like this from other federal agencies around the world doing it to it's citizenry just the FBI...an I'm quite sure they are breaking international laws by targeting individuals or even just acquiring meta data from individuals located in other countries. 


Edited by tdubz (06/25/16 09:48 PM)


Extras: Filter Print Post Top
Offline5150
phantom
 User Gallery
Registered: 09/01/06
Posts: 5,437
Last seen: 4 years, 2 months
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: tdubz]
    #23382411 - 06/25/16 10:15 PM (7 years, 7 months ago)

Imagine some idiot going on a cp site from his home computer,didn't the guy from the who do that ,townsend,gotta b crazy


--------------------
"the way of the warrior is the resolute acceptance of death"

Miyamoto Musashi


Extras: Filter Print Post Top
OfflineAlan RockefellerM
Mycologist
Male User Gallery
Registered: 03/10/07
Posts: 48,276
Last seen: 3 hours, 56 minutes
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: tdubz]
    #23382442 - 06/25/16 10:25 PM (7 years, 7 months ago)

I don't think they fail to censor the internet in the USA just to catch people doing stuff.  The internet is made to resist censorship and routes around it.  People wouldn't stand for content filters here.

Tor does seem to be pretty secure - look at how hard it was to catch the silk road - they had to use other means to find it other than cracking tor, and it took them a long time.


If people are paranoid about tor they can always use public wifi to connect, but I haven't seen any evidence that is necessary or improves security.


Extras: Filter Print Post Top
Invisibletdubz
Male User Gallery


Registered: 02/26/12
Posts: 5,586
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: Alan Rockefeller]
    #23382494 - 06/25/16 10:53 PM (7 years, 7 months ago)

I want to correct a little of what I said I don't think Tor started out this way. I could (maybe) believe Tor was a genuine effort to circumvent censorship. But it has certainly now become a trap to catch criminals since most of the content on the dark web revolves around illicit activity. Rather than allow the Judicial system to establish law regarding the incident with Play Pen the FBI decided to use the blanket of "National Security" that's what I meant by it's actions lacking public accountability. And the NSA does this to a much greater extent along with the CIA. The FBI is not the NSA or CIA though an should not have the same leeway wartime powers that those agencies have.


Extras: Filter Print Post Top
OfflineKonyap

Registered: 06/30/07
Posts: 33,945
Loc: Planet Piss
Last seen: 4 years, 2 months
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: tdubz]
    #23382754 - 06/26/16 01:32 AM (7 years, 7 months ago)

if someone is posting gore pictures it definitely could be a case
"but I got it from someone?"

Oh you!


Edited by Konyap (06/26/16 01:33 AM)


Extras: Filter Print Post Top
Invisibletdubz
Male User Gallery


Registered: 02/26/12
Posts: 5,586
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: Konyap]
    #23385652 - 06/26/16 08:54 PM (7 years, 7 months ago)

We are lucky the Senate by 2 votes blocked the FBIs surveillance program (although the NSA already does this anyway so it does not matter) but if you think allowing the FBI to access our emails and browser history without a warrant is a good idea you must be stupid. More Americans should be more concerned with whats happening in Congress instead of watching reality TV. And btw I have personally emailed congressmen voting on this issue to thank them of their support for this gross injustice whether they read them or not I don't know but as a drug user community forum I would be very concerned about this.


Edited by tdubz (06/26/16 09:02 PM)


Extras: Filter Print Post Top
OfflineAlan RockefellerM
Mycologist
Male User Gallery
Registered: 03/10/07
Posts: 48,276
Last seen: 3 hours, 56 minutes
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: tdubz]
    #23385775 - 06/26/16 09:28 PM (7 years, 7 months ago)

How would the FBI access emails and browser history without a warrant?

Email and most websites use strong encryption now.


Extras: Filter Print Post Top
Invisibletdubz
Male User Gallery


Registered: 02/26/12
Posts: 5,586
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: Alan Rockefeller]
    #23385896 - 06/26/16 10:03 PM (7 years, 7 months ago)

Prime example of someone who does not know whats happening in congress.

https://theintercept.com/2016/06/22/senate-narrowly-rejects-controversial-fbi-surveillance-expansion-for-now/

Quote:

A controversial amendment that would expand the FBI’s surveillance power was narrowly defeated in the Senate Wednesday.

The final tally was 58 to 38, two votes shy of the 60 needed for the amendment to move forward. The issue will likely surface again soon, however, as Majority Leader Senator Mitch McConnell, R-Ky., immediately filed for a motion to reconsider the amendment.

The amendment — lumped on last-minute to a criminal justice funding bill — would have expanded the scope of information the FBI can collect by sending technology and Internet companies what’s known as a national security letter—without getting any kind of court approval first.

The FBI would be able to access information about suspects’ online behavior including what websites someone visits and for how long, IP address, social media activity, email headers, and more.

Companies can’t talk about the requests because they come with a gag order. Only a handful of national security letters have been made public in the decades since the FBI started issuing them.

Privacy advocates and technology companies have protested the amendment as an intrusion on Fourth Amendment protections on sensitive personal information.

“The country wants policies that promote safety and liberty,” said Sen. Ron Wyden, D-Ore., on Wednesday. “Increasingly we’re getting policies that don’t do much of either.”

He pointed out that the USA Freedom Act, in a section he authored, would allow the FBI to get the records it seeks in an emergency immediately and seek judicial approval afterwards.

Advocates like Sen. John McCain, R-Ariz., the amendment’s sponsor, insist the FBI needs more power to combat “radicalization” on the Internet. “Every law enforcement agency in American supports this,” he insisted.

The vote comes shortly after Republican senators rallied around the recent tragedy at a night club in Orlando to push for expanded surveillance powers. Though the Chairman of the Intelligence Committee, Sen. Richard Burr, R-N.C., admitted on the floor before the vote that the amendment would not have prevented the mass shooting in Orlando, or the attacks in San Bernardino in December of last year.

Burr repeated FBI Director James Comey’s assertion that the expansion being discussed is really just fixing a “typo” in the law—because the FBI used to regularly seek those records before one company, whose identify remains unknown, “bucked the system” as Burr put it, and refused to hand them over because the language of the law was confusing.

In fact, the FBI has been trying to expand the power of its national security letters since 2008, when the George W. Bush Department of Justice interpreted those powers more narrowly than the FBI liked.

The FBI has also continued to ask for additional records until at least 2013 despite the DOJ’s advice, exceeding its authorities, as The Intercept reported.




It was attempted to be slipped in right along with the gun votes an everything else last minute trying to go right over the heads of lawmakers and the public.


Edited by tdubz (06/26/16 10:12 PM)


Extras: Filter Print Post Top
OfflineAlan RockefellerM
Mycologist
Male User Gallery
Registered: 03/10/07
Posts: 48,276
Last seen: 3 hours, 56 minutes
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: tdubz]
    #23386350 - 06/27/16 01:50 AM (7 years, 7 months ago)

Quote:

tdubz said:
Prime example of someone who does not know whats happening in congress.





I have been following what is happening in congress.  The problem is that you don't understand the technology.

This is about sending National Security Letters to ISP's. 

ISP's don't have your browsing history - that is kept on your computer.  The only thing your ISP can do is capture your web data as it passes through their network.  If you visit a https site, all they can see is the IP address that you went to - they can't see the URL's you visited or what you did, as this is protected by strong encryption.  They can't even see the host name unless there is only one website on that IP address, though they could infer it based on which DNS lookups you are doing. 

They might have your emails if you use your ISP's mail servers, but for people who use web based email, your ISP doesn't have your email to turn over.  They could send a separate NSL to your mail host, which is why it's a good idea to use encryption on top of email.

There is no one person that they could send a NSL to who has your browsing history, except for non-SSL encrypted sites.    They would only see stuff like cnn.com - most sites use SSL now.


Extras: Filter Print Post Top
Invisibletdubz
Male User Gallery


Registered: 02/26/12
Posts: 5,586
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: Alan Rockefeller]
    #23386411 - 06/27/16 02:27 AM (7 years, 7 months ago)

Are you kidding me? I don't understand the technology? I'm currently studying for a BS in Computer Information and I have a BA in Political Science. I understand how Tor works. It's weaker than ever before an has been cracked for a long time. I had to post this out of my way so that you could see the Congressional vote, you did not know this until I posted it. There are multiple vulnerabilities to both tor, https, and ssl encryption the reason you do not hear about them are because they are classified particularly the latter. 

https://www.hackread.com/tor-teams-againt-fbi-hacking-exploit/
Quote:


TOR TEAM HAS BEEN WORKING HARD TO STOP FBI FROM HACKING THE ONION BROWSER AND TRACK USERS — THE TEAM IS NOW GEARING UP TO CREATE A HARDENED VERSION OF THE BROWSER!
There has been a fair share of work done to decrypt the Tor browser and any of its users who might be connected to illegal activities. The FBI has been largely involved in most of the acts over the past few years. The Tor browser network is widely lauded as the safest tool when it comes to online privacy, but in recent court cases that have been presented to the public, there seems to be a viable government malware that is capable of exploiting existing bugs in the Firefox browser. The exploit, it turns out was provided to the government back in 2015 by the researchers over at the Carnegie Mellon University.

Must Read: 7 Online Activities That Can Get You Arrested

However, a new paper shows that concerned security researchers determined to create an impenetrable browser, are now working in conjunction with the Tor Project developers to create a hardened version of the Browser. In this new and improved Tor Browser, they are aiming to create; they want to include nee anti-hacking techniques which would drastically improve the anonymity and security of users and also in a way frustrate attempts by the government to decrypt information.

One of the techniques that the security researchers are specifically researching is the Selfrando technique. The technique was made to protect against any browser exploits such as the one that has been shown to be done by the FBI.

The code would be used to counteract what the security researchers call the ‘code reuse’ exploits. In this case, attackers usually exploit the memory leak in reusing the code libraries instead of injecting new malicious codes in the network. They use libraries that are already inside the browser and therefore building malware by rearranging the things contained in the application’s memory.

Must Read: Tor Anonymity: Things NOT To Do While Using Tor

tor-browser-exploit
Fig. 1. Building and running applications without (a) and with selfrando (b) enabled / Fig. 2. Workflow of selfrando.
Must Read: Facebook Integrates TOR into its Android App For Better Privacy

Attackers in such cases need to know where all the certain functions they are aiming for are located within the application memory space. However, the current security mechanisms in the browsers only randomize locations of the code libraries and not the individual functions as expected. This is where the Selfrando technique comes into play, and therefore creates an internal code which will be very hard to exploit.

In the paper (Pdf) that they wrote, the researchers said that their solution would significantly improve the security over the standard address space layout randomization. These are the techniques which are currently employed by the Firefox browser and many mainstream browsers. Thy plans to present the plan to their findings at the Privacy Enhancing Technologies Symposium in Darmstadt, Germany in July. They also wrote that the Tor Project had accepted to include their technique into the hardened releases of the new Tor Browser.

Must Read: Mouse movements are enough to track down Tor users

So with this news, it means that the law enforcement agencies are going to have a tough time hacking into any of the information that will be in the browser. Agencies such as the FBI already complain that they don’t have enough resources to take down terrorists and criminals on the browser are about to get another thing coming their way.

The move by the researchers shows that some people in the security field are still intent on getting the general public some privacy no matter who it affects.




It's all a circle jerk if you will. They create stronger encryption and the FBI then "at their own pace decides when to decrypt it an make it public or it eventually leaks out" a cat an mouse game, always has been and always will be. Security on the internet is an illusion albeit a carefully constructed one. The NSA is on a whole nother level than the FBI though so this is small ball compared to what a 50 billion dollar budget can do spent on specifically penetrating networks.   


Edited by tdubz (06/27/16 02:42 AM)


Extras: Filter Print Post Top
OfflineAlan RockefellerM
Mycologist
Male User Gallery
Registered: 03/10/07
Posts: 48,276
Last seen: 3 hours, 56 minutes
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: tdubz]
    #23386435 - 06/27/16 02:41 AM (7 years, 7 months ago)

There are no publicly known vulnerabilities in tor, https or ssl.

What makes you think that tor has been cracked?

What makes you think SSL has been cracked? 

Do you have some inside information, or are you just making up paranoid stuff?


Extras: Filter Print Post Top
Invisibletdubz
Male User Gallery


Registered: 02/26/12
Posts: 5,586
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: Alan Rockefeller]
    #23386439 - 06/27/16 02:45 AM (7 years, 7 months ago)

No I am not making stuff up everything I have posted is fact. I can only inform the consensus half way if people want to learn more for themselves then it's up to them.

https://www.ics.uci.edu/~perl/pets16_selfrando.pdf - Securing the Tor Browser against De-anonymization Exploits


Edited by tdubz (06/27/16 02:57 AM)


Extras: Filter Print Post Top
OfflineAlan RockefellerM
Mycologist
Male User Gallery
Registered: 03/10/07
Posts: 48,276
Last seen: 3 hours, 56 minutes
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: tdubz]
    #23386475 - 06/27/16 03:20 AM (7 years, 7 months ago)

Quote:

tdubz said:
No I am not making stuff up everything I have posted is fact.




You posted that SSL and HTTPS have been cracked, and that's not true.

The paper on tor you posted is both good and recent, but nowhere in that paper does it say that tor has been cracked.  It has always been the case that if you run vulnerable web browser software, the websites that you connect to can hack you.  There are lots of ways to mitigate this. 

For example if you run your tor browser in a chroot or VM which does not have access to the rest of your files, nor access to make outbound connections, even if the FBI does hack you, it would be impossible for them to learn where you are or who you are.


Extras: Filter Print Post Top
Invisibletdubz
Male User Gallery


Registered: 02/26/12
Posts: 5,586
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: Alan Rockefeller]
    #23386486 - 06/27/16 03:28 AM (7 years, 7 months ago)

http://thehackernews.com/2015/10/nsa-crack-encryption.html
Quote:


Yes, it seems like the mystery has been solved.
We are aware of the United States National Security Agency (NSA) powers to break almost unbreakable encryption used on the Internet and intercept nearly Trillions of Internet connections – thanks to the revelations made by whistleblower Edward Snowden in 2013.
However, what we are not aware of is exactly how did the NSA apparently intercept VPN connections, and decrypt SSH and HTTPS, allowing the agency to read hundreds of Millions of personal, private emails from persons around the globe.

Now, computer scientists Alex Halderman and Nadia Heninger have presented a paper at the ACM Conference on Computer and Communications Security that advances the most plausible theory as to how the NSA broke some of the most widespread encryption used on the Internet.
According to the paper, the NSA has exploited common implementations of the Diffie-Hellman key exchange algorithm – a common means of exchanging cryptographic keys over untrusted channels – to decrypt a large number of HTTPS, SSH, and VPN connections.

Diffie-Hellman – the encryption used for HTTPS, SSH, and VPNs – helps users communicate by swapping cryptographic keys and running them through an algorithm that nobody else knows except the sender and receiver.
Also Read: NSA will not stop spying on us, next move Quantum computer to break strongest Encryption
It is described as secure against surveillance from the NSA and other state-sponsored spies, as it would take hundreds or thousands of years and by them and a nearly unimaginable amount of money to decrypt directly.

However, a serious vulnerability in the way the Diffie-Hellman key exchange is implemented is allowing the intelligence agencies and spies to break and eavesdrop on trillions of encrypted connections.
To crack just one of the extremely large prime numbers of a Diffie-Hellman in the most commonly used 1024-bit Diffie-Hellman keys would take about a year and cost a few hundred Million dollars.

However, according to researchers, only a few prime numbers are commonly used that might have fit well within the agency's $11 Billion-per-year budget dedicated to "groundbreaking cryptanalytic capabilities."
"Since a handful of primes are so widely reused, the payoff, in terms of connections they could decrypt, would be enormous," said Alex Halderman and Nadia Heninger in a blog post published Wednesday.
"Breaking a single, 1024-bit prime would allow the NSA to passively decrypt connections to two-thirds of VPNs and a quarter of all SSH servers globally. Breaking a second 1024-bit prime would allow passive eavesdropping on connections to nearly 20% of the top million HTTPS websites. In other words, a one-time investment in massive computation would make it possible to eavesdrop on trillions of encrypted connections."

Around 92% of the top 1 Million Alexa HTTPS domains make use of the same two primes for Diffie-Hellman, possibly enabling the agency to pre-compute a crack on those two prime numbers and read nearly all Internet traffic through those servers.




https://weakdh.org/imperfect-forward-secrecy-ccs15.pdf - On cracking HTTPs, VPNs, SSH


Extras: Filter Print Post Top
InvisibleAmanita86
OTD Keymaster
 User Gallery

Registered: 09/26/12
Posts: 89,464
Loc: hades
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: Alan Rockefeller]
    #23386574 - 06/27/16 04:58 AM (7 years, 7 months ago)

Quote:

Alan Rockefeller said:
There are no publicly known vulnerabilities in tor, https or ssl.

What makes you think that tor has been cracked?

What makes you think SSL has been cracked? 

Do you have some inside information, or are you just making up paranoid stuff?



I think it's safe to say, just from an air force perspective, anything "publicly known" is equatable to Lincoln Logs.  You're going to tell me that what is "publicly known" is as far as it goes?  Come on man..

In this day and age, internet is ground zero.  Believe people have done the math.  It's just a matter of what's important enough to act on.


--------------------
:mushroom2:Orange clock, pencil:bouncysmoke:
"They threw me off the hay truck about noon...":fishing:
:mushroom2:*Mark 15:34:levitate::mushroom2::blueninja:
Gam zeh ya’avor...:sunny:


Extras: Filter Print Post Top
OfflineAlan RockefellerM
Mycologist
Male User Gallery
Registered: 03/10/07
Posts: 48,276
Last seen: 3 hours, 56 minutes
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: Amanita86]
    #23386739 - 06/27/16 06:37 AM (7 years, 7 months ago)

Quote:

Amanita86 said:
I think it's safe to say, just from an air force perspective, anything "publicly known" is equatable to Lincoln Logs.  You're going to tell me that what is "publicly known" is as far as it goes?  Come on man..

In this day and age, internet is ground zero.  Believe people have done the math.  It's just a matter of what's important enough to act on.





Even if your paranoid fantasy that this is true was correct, which it probably is, it wouldn't matter much because they can't use the information they get from cracking it very much at all because then people would figure out that it was broken and switch to something else that is much more secure.


Extras: Filter Print Post Top
OfflineApostle
Philanthropist
 User Gallery


Registered: 12/12/09
Posts: 31,501
Loc: FL Flag
Last seen: 1 year, 24 days
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: tdubz]
    #23386813 - 06/27/16 07:18 AM (7 years, 7 months ago)

Quote:

tdubz said:
I've said it before an I will again Tor was a social experiment to trick people into falling for bait. Some people got busted some people didn't but I'm sure if you raised enough attention on the dark net you got a visit.



How does that make it any different than the real world?

at what rates did people get busted on Tor compared to offline/street dealing?


If the whole thing was "bait" why did they catch so few dealers and why are people still using the dn?


I'm not saying the government isn't involved in some way with Tor i just don't think it was designed as bait. I'd even wager that Seized drugs have been sold on the DN.


Extras: Filter Print Post Top
Invisibledurian_2008
Cornucopian Eating an Elephant
 User Gallery

Registered: 04/02/08
Posts: 16,693
Loc: Raccoon City
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: Alan Rockefeller]
    #23387312 - 06/27/16 10:38 AM (7 years, 7 months ago)

Quote:

...then people would figure out that it was broken and switch to something else that is much more secure.




With all due respect --

How are you supposed to figure things like that out, if you can't believe in people's self-reported experiences.

Is there some test.

It's not a rhetorical question.


Extras: Filter Print Post Top
InvisibleRepertoire89
Cat
Male


Registered: 11/15/12
Posts: 21,773
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: tdubz]
    #23388418 - 06/27/16 05:20 PM (7 years, 7 months ago)

Quote:

tdubz said:
I've said it before an I will again Tor was a social experiment to trick people into falling for bait. Some people got busted some people didn't but I'm sure if you raised enough attention on the dark net you got a visit. Security on the internet is an illusion when you have the NSA sucking data right out of the ISP backbone. 




Paranoid delusion of as great a magnitude as lizard people.


Extras: Filter Print Post Top
OfflineAlan RockefellerM
Mycologist
Male User Gallery
Registered: 03/10/07
Posts: 48,276
Last seen: 3 hours, 56 minutes
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: durian_2008]
    #23388576 - 06/27/16 06:09 PM (7 years, 7 months ago)

Quote:

durian_2008 said:
How are you supposed to figure things like that out, if you can't believe in people's self-reported experiences.





If the government uses information that they got from cracking a secure thing against people, they will eventually realize.


Extras: Filter Print Post Top
Invisibletdubz
Male User Gallery


Registered: 02/26/12
Posts: 5,586
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: Apostle]
    #23388678 - 06/27/16 06:38 PM (7 years, 7 months ago)

It's impossible to know how many got busted by Tor directly through it or indirectly by it. The point is that it is insecure that does not mean your going to get busted every time you order a small quantity of drugs. But who knows maybe later when you visit your friend down the street an get busted you'll think it will be a surprise or something but maybe it won't be.


Edited by tdubz (06/27/16 07:06 PM)


Extras: Filter Print Post Top
InvisibleHobbyist
Citizen


Registered: 08/15/10
Posts: 805
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: tdubz]
    #23394887 - 06/29/16 04:52 PM (7 years, 6 months ago)

Quote:

tdubz said:
I want to correct a little of what I said I don't think Tor started out this way. I could (maybe) believe Tor was a genuine effort to circumvent censorship.




TOR was developed initially by the Navy for their own use... 

Quote:

tdubz said:
Are you kidding me? I don't understand the technology? I'm currently studying for a BS in Computer Information and I have a BA in Political Science. I understand how Tor works. It's weaker than ever before an has been cracked for a long time.




How can you be so knowledgeable about it and not know some very basic things about it?


--------------------
Everything i say is completely hypothetical...



Extras: Filter Print Post Top
Invisibletdubz
Male User Gallery


Registered: 02/26/12
Posts: 5,586
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: Hobbyist]
    #23395834 - 06/29/16 10:36 PM (7 years, 6 months ago)

I know Tor was developed by the navy. What makes you think I did not know that? Read the research papers I posted that will show you the level of Tor knowledge I have, these are higher education research papers and one may in fact be regarding one of the FBI's secret exploit techniques being used right now.


Extras: Filter Print Post Top
Jump to top Pages: 1 | 2  [ show all ]

Shop: Original Sensible Seeds Autoflowering Cannabis Seeds   Bridgetown Botanicals Bridgetown Botanicals   Unfolding Nature Unfolding Nature: Being in the Implicate Order   PhytoExtractum Buy Bali Kratom Powder   Kraken Kratom Red Vein Kratom


Similar ThreadsPosterViewsRepliesLast post
* How national gang moved in on city’s drug trafficking [NC] veggieM 4,490 1 02/18/07 12:10 PM
by fireworks_god
* FBI May Relax Its Marijuana Rules veggieM 1,856 3 10/10/05 01:43 PM
by Madtowntripper
* FBI adds to wiretap wish list Twirling 1,672 6 03/18/04 07:59 PM
by Twirling
* is the fbi recording all your internet activity tihkalpihkal 2,254 6 01/30/07 02:20 PM
by Drewwyann
* FBI will start allowing recruits who "dabbled" with weed in the past. The_Red_Crayon 1,313 6 08/06/07 05:13 AM
by CidneyIndole
* FBI: Lennon 'too high' to be a revolutionary veggieM 1,014 1 09/22/05 08:20 AM
by MadSeasonAbove
* Navajo Nation OKs peyote law veggieM 1,748 3 08/05/05 04:57 PM
by dblaney
* U.S. Spares Meth Nations From Sanctions
( 1 2 all )
veggieM 4,764 20 03/10/07 09:25 PM
by EntheogenicPeace

Extra information
You cannot start new topics / You cannot reply to topics
HTML is disabled / BBCode is enabled
Moderator: motaman, veggie, Alan Rockefeller, Mostly_Harmless
3,809 topic views. 0 members, 4 guests and 2 web crawlers are browsing this forum.
[ Show Images Only | Sort by Score | Print Topic ]
Search this thread:

Copyright 1997-2024 Mind Media. Some rights reserved.

Generated in 0.043 seconds spending 0.008 seconds on 14 queries.