nnfx

Ouh bad shit. Now I'm happy I never used Tor / never did something where being anon is really important....

Besides threatening Ricky Dearman maybe. :D

Should I still use another browser now? Just for usual browsing and stuff? I like my Firefox including all my plugins. Setting up another browser is... ehh I'm lazy, but should I?

ImportantUpdate

Thanks to @peerrails on /v/technology for bringing it to the voat community.

https://voat.co/v/technology/1448254


Why is it related?

A lot of people, me included, have been using Tor Browser Bundle on Windows to investigate.

Some of the sites have required JavaScript to display key elements.

Some of us have enabled JS.

Some of us have experienced weird stuff going on with their computers. Me included.


What does it mean?

"In the wild" means that anybody has access to it, including the bad guys. I don't see any original emergence date, so it is perfectly possible bad guys have had this running on their websites to execute running code in the memory of visiting computers.

Yabut went on to say the code is "100% effective for remote code execution on Windows systems." The exploit code, the researcher added, adjusts the memory location of the payload based on the version of Firefox being exploited. The versions span from 41 to 50, with version 45 ESR being the version used by the latest version of the Tor browser.

If you are using Tor Browser Bundle OR Firefox (including most recent version) you are at risk!

If you're infected, the bad guys can install anything they want on your computer. Full access to everything. It is the absolute worst type of vulnerability a PC-user can experience.

If you never activate JavaScript on your Firefox/Tor Browser Bundle, or are using a different browser, or are on a different operating system than Windows, you should be fine.


What can you do?

I suspect, but haven't verified, that I am compromised based on one single symptom - I wasn't able to shut down my computer the other day as it restarted Windows every time I pressed "shut down" (Recycling explorer.exe).

As soon as I read this article I disconnected the network cable and jumped on my secure Linux laptop. I plan on installing Linux on my main computer before connecting it back online.

If you don't have a backup internet-capable computer available, one alternative would be to buy a USB stick, go online at a library and download a live version of Linux (installs Linux onto the stick, run it from there; bypasses your main HDD and Windows).

HOWDOISTRIKETHROUGH: For now I would avoid Tails as I seem to remember it being based on FF+TOR.

Bit of a brainfart as I was stressing. Tails is Linux-based and thus not vulnerable.