Silk Road forums

Discussion => Security => Topic started by: TravellingWithoutMoving on August 09, 2013, 08:43 pm

Title: New Tor Browser Bundle 2.3.25-11
Post by: TravellingWithoutMoving on August 09, 2013, 08:43 pm
Browser Bundle as well so that users can always be aware of major issues.

https://www.torproject.org/download/download-easy.html.en

Tor Browser Bundle (2.3.25-11)

    Update Firefox to 17.0.8esr

    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox17.0.8
                                                              Fixed in Firefox ESR 17.0.8
                                                                         MFSA 2013-75 Local Java applets may read contents of local file system
                                                                         MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest
                                                                         MFSA 2013-72 Wrong principal used for validating URI for some Javascript components
                                                                         MFSA 2013-71 Further Privilege escalation through Mozilla Updater
                                                                         MFSA 2013-69 CRMF requests allow for code execution and XSS attacks
                                                                         MFSA 2013-68 Document URI misrepresentation and masquerading
                                                                         MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
                                                                         MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)

    Update HTTPS Everywhere to 3.3.1
    Update NoScript to 2.6.7
    Update LibPNG to 1.6.3

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Tor Browser Bundle (2.4.15-beta-2)

    Update Firefox to 17.0.8esr

    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox17.0.8
    HTTPS Everywhere to 4.0development.9
    Update PDF.js to 0.8.298
    Update NoScript to 2.6.6.9
    Update LibPNG to 1.6.3

Title: Re: New Tor Browser Bundle 2.3.25-11
Post by: abby on August 09, 2013, 08:58 pm
and don't forget that once it's installed you need to turn on noscript and any of the other options you had turned off before..  like turning on the don't track me and for more protection turn off js in the options.
Title: Re: New Tor Browser Bundle 2.3.25-11
Post by: tg00 on August 09, 2013, 09:01 pm
Better upgrade now my niggers unless you want ol pervert uncle sam nosing through your internets.
Title: Re: New Tor Browser Bundle 2.3.25-11
Post by: No Surprises on August 10, 2013, 01:32 pm
and don't forget that once it's installed you need to turn on noscript and any of the other options you had turned off before..  like turning on the don't track me and for more protection turn off js in the options.

This is what I've done after a clean install of the updated ToR browser.

Unticked "Enable JavaScript" from the Content tab on Firefox's options.
Ticked "Tell websites I do not want to be tracked" from the Privacy tab in Firefox's options.
Ticked the top 8 boxes on the Embeddings page in NoScript's options (Click the "S" button next to the address bar, choose options)

Am I missing anything?
Title: Re: New Tor Browser Bundle 2.3.25-11
Post by: abby on August 10, 2013, 02:04 pm
not that I know of, although that doesn't mean that there's not something else that hopefully someone will come along and point out so we both know. 

Just as a matter of interest, if you click on the green onion and go to cookie preferences, you'll see all the cookies you've picked up during the browser session.  Only two of them are for the forums and one for SR (assuming you've logged into both during the session).  They're all deleted when you close the browser but I think it does no harm to get rid of any you've picked up during the session if you've been going to sites other than the forums or SR.  I don't know enough about cookies to feel comfortable that any outside of the SR sites are benevolent.

Title: Re: New Tor Browser Bundle 2.3.25-11
Post by: FirePharmacy on August 10, 2013, 05:59 pm
I started having trouble with the onion browser in TOR kept getting error messages.  Was driving me NUTS.  I'm not a computer geek but know enough so I restored my laptop to factory settings, then re-installed the TOR browser and now working like a charm again.  For a few days I was fiending for my SR!
Title: Re: New Tor Browser Bundle 2.3.25-11
Post by: FirePharmacy on August 10, 2013, 06:02 pm
I started having trouble with the onion browser in TOR kept getting error messages.  Was driving me NUTS.  I'm not a computer geek but know enough so I restored my laptop to factory settings, then re-installed the new TOR browser and now working like a charm again!
Title: Re: New Tor Browser Bundle 2.3.25-11
Post by: SmokesHisBroccoli on August 10, 2013, 07:10 pm
All set here.  Thanks for posting.  Everyone do their updates!
Title: Re: New Tor Browser Bundle 2.3.25-11
Post by: kimlee on August 10, 2013, 07:16 pm
and don't forget that once it's installed you need to turn on noscript and any of the other options you had turned off before..  like turning on the don't track me and for more protection turn off js in the options.

This is what I've done after a clean install of the updated ToR browser.

Unticked "Enable JavaScript" from the Content tab on Firefox's options.
Ticked "Tell websites I do not want to be tracked" from the Privacy tab in Firefox's options.
Ticked the top 8 boxes on the Embeddings page in NoScript's options (Click the "S" button next to the address bar, choose options)

Am I missing anything?



Im not incredibly tech savvy.  I ticked off the 8 boxes in no script but I cant find the firefox options.  How do I get to those options?  I looked through the folders in my Tor bundle but couldnt find anything. Simple step by step would be great. I cant even figure out how to launch firefox.  Any help is appreciated.
Title: Re: New Tor Browser Bundle 2.3.25-11
Post by: abby on August 10, 2013, 07:25 pm
on your menu toolbar go to Tools then options.  Tor is based on firefox and they've left the firefox options there plus added their own options settings (click on the onion and choose preferences to see them)
Title: Re: New Tor Browser Bundle 2.3.25-11
Post by: Railgun on August 10, 2013, 07:56 pm
When I run the new Vidalia, the browser never pops up.  I'm on a nix and am running from cmd line.

Can I get away with the old build until they resolve this?
Title: Re: New Tor Browser Bundle 2.3.25-11
Post by: abby on August 10, 2013, 08:41 pm
do you get the viadalia window and does the browser start when you click the start tor button?
Title: Re: New Tor Browser Bundle 2.3.25-11
Post by: THUMBSuP. on August 10, 2013, 10:08 pm
when you go into NoScript options..
is it best to check all of the eight listings up top in the "Embeddings" tab..?



thanks.
/thumbs
Title: Re: New Tor Browser Bundle 2.3.25-11
Post by: abby on August 10, 2013, 11:25 pm
when you go into NoScript options..
is it best to check all of the eight listings up top in the "Embeddings" tab..?



thanks.
/thumbs

I've got them all checked and it doesn't seem to have stopped me doing anything I need to here or on the SR site.  If you want to check out other SR sites it might I suppose..  you'll only know when you try.
Title: Re: New Tor Browser Bundle 2.3.25-11
Post by: No Surprises on August 11, 2013, 11:26 am
not that I know of, although that doesn't mean that there's not something else that hopefully someone will come along and point out so we both know. 

Just as a matter of interest, if you click on the green onion and go to cookie preferences, you'll see all the cookies you've picked up during the browser session.  Only two of them are for the forums and one for SR (assuming you've logged into both during the session).  They're all deleted when you close the browser but I think it does no harm to get rid of any you've picked up during the session if you've been going to sites other than the forums or SR.  I don't know enough about cookies to feel comfortable that any outside of the SR sites are benevolent.

Ok thanks. And yeah I have 3 cookies after browsing SR and these forums, I'm not gonna branch out onto any other sites anymore.