Silk Road forums
Discussion => Security => Topic started by: bodizzle on August 05, 2013, 01:36 am
-
So I definitely accessed tormail with my javascript enabled. I have since disabled my javascripts and changed my SR password. My username is different on tmail and SR.
Some questions, would greatly appreciate feedback:
1) Someone mentioned forbid <iframe>, how would I go about doing this?
2) how would I know if my comp is infected?
3) what further steps should I take? (I saw terms like DBAN and Ubuntu being thrown around. I have absolutely no idea about any of this stuff.)
Advice is Massively appreciated!!
*ps: I should add that I never communicated over tmail with anything associated to SR. Only used tmail for currency exchange. Should I still be worried in this case?
-
to forbid iFrame, go up top, just to the left of the url window box, click on the red circle with diagonal overtop "S" (the scripts log) and you'll find it there
i just basically wiped my usb drive and did a fresh install of everything - that way i know i'm clean
-
When clicking on that S, there is no automatic option to forbid iFrame. When I click on options it has a number of boxes with the following options:
Forbid bookmarklets
forbid <a ping....>
hide <NOSCRIPT> elements
forbid META redirections inside <NOSCRIPT> elements
forbid XSLT
Attempt to fix javascript links
-------
The ones I have checked are:
forbid <a ping....>
forbid XSLT
attempt to fix javascript links
Do I need to check anything else? And I don't use a USB drive for my transactions, everything is on my laptop HD (was under the impression I was safe with torbrowser and using PGP). Does this mean I should delete everything on my HD completely? (there is important info I have to back up ofc)
-
I also just realized that I didn't access tormail or get the "site is down for maintenance" message during the specified compromised time frame. So therefore, I was not active on any FH sites during the compromised time period.
I since did visit tormail, but it was back up. I did have javascripts disabled at that time.
Should I still be concerned if I was not active on any FH onion during the compromised time period?
-
> When clicking on that S, there is no automatic option to forbid iFrame. When I click on options it has a number of boxes with the following options:
> Forbid bookmarklets
> forbid <a ping....>
> hide <NOSCRIPT> elements
> forbid META redirections inside <NOSCRIPT> elements
> forbid XSLT
> Attempt to fix javascript links
> -------
> The ones I have checked are:
> forbid <a ping....>
> forbid XSLT
> attempt to fix javascript links
> Do I need to check anything else? And I don't use a USB drive for my transactions, everything is on my laptop HD (was under the impression I was safe with torbrowser and using PGP). Does this mean I should delete everything on my HD completely? (there is important info I have to back up ofc)

Click the 'Embeddings' hyperlink in the NoScript options and it will give you the ability to forbid <iframe>.
As for your HDD, the only thing I can recommend is TAILS since it's the only thing I use. It's secure, it doesn't leave traces, and it works. I'd rather have the small inconveniences (i.e. time) of TAILS over storing any incriminating data on my HDD any day. That said, I would probably delete all Tor related applications and wipe your free space with the Gutmann method.
-
Although javascript is enabled in the Tor browser, NoScript prevents any loading of scripts. For instance if you look to the bottom of your Tor browser you'll see you have to manually enable this forum, but it's blocked by default. The exploit definitely bypasses ASLR with advanced heap manipulation but only if you use Windows, as OSX, Linux and BSD all use different implementations of ASLR. I think they (FBI) were specifically targeting somebody, probably a prolific uploader or possibly the admin of one of the major FH hosted CP boards. They could've easily written a linux capable ASLR breach or leased the code from VUPEN or similar shady outfits.
This is certainly one problem with everybody using the same software, if you break it, everybody is vuln. Wonder how many Tails vuln they have found.
-
Thanks for the feedback guys.
My other question still stands though:
I did not access any FH sites during the compromised time period. Am I still at risk?
-
Greetings.
How do you know if your computer has been infected by this trojan whatever the fuck it is?
thanks.
-
> Thanks for the feedback guys.
> My other question still stands though:
> I did not access any FH sites during the compromised time period. Am I still at risk?

It's unlikely but the FBI still has access to your old emails. As long as you did not talk about illicit activities in your past emails you should be fine.
-
Best thing is to always think u are at risk...
Never sit back on your laurels....
U are never too small to be bothered with. We are all one and just a ring in the ladder to a higher place. Never forget it.