Feds are Suspects in New Malware That Attacks Tor Anonymity

We really need to come to the internalized understanding that our government is increasingly becoming a threat to its people and a danger from within; a saboteur, a spy, a traitor to it&#x27;s own people.<p>As Peter Swire has pointed out in a PBS Frontline interview: &quot;General warrants was part of the reason for the American Revolution. It was that the king&#x27;s agent could go in and search a house everywhere, search a whole neighborhood with one warrant. And the Boston people said: &#x27;We don&#x27;t like that. [...] We&#x27;ll fight you.&#x27; We said no.&quot; (redaction to avoid erroneous similarity)

Here is Mozilla on the vulnerability: [1] <a href="https://blog.mozilla.org/security/2013/08/04/investigating-security-vulnerability-report/" rel="nofollow">https:&#x2F;&#x2F;blog.mozilla.org&#x2F;security&#x2F;2013&#x2F;08&#x2F;04&#x2F;investigating-s...</a> It would seem that Tor released Tor Browser Bundle (TBB) with 17.0.7 on the 26th of June: [2] <a href="https://blog.torproject.org/blog/new-tor-browser-bundles-and-tor-02414-alpha-packages" rel="nofollow">https:&#x2F;&#x2F;blog.torproject.org&#x2F;blog&#x2F;new-tor-browser-bundles-and...</a> (note: lack of an Obfsproxy bundle!) 17.0.7 is the Firefox with the patch for the JS bug that was exploited, assuming [1] is correct.<p><i>IF</i> this was what is exploited, then it would seem that the <i>latest</i> non-obfsproxy Tor Broswer Bundle [2] will be ok. It seems that Tor released a new TBB the day after upstream Firefox vulnerability was patched.<p>Double check though.<p>Here&#x27;s what seems to be the original security advisory [3] <a href="http://www.mozilla.org/security/announce/2013/mfsa2013-53.html" rel="nofollow">http:&#x2F;&#x2F;www.mozilla.org&#x2F;security&#x2F;announce&#x2F;2013&#x2F;mfsa2013-53.ht...</a><p>Also, Tor have responded here: [4] <a href="https://blog.torproject.org/blog/hidden-services-current-events-and-freedom-hosting" rel="nofollow">https:&#x2F;&#x2F;blog.torproject.org&#x2F;blog&#x2F;hidden-services-current-eve...</a>

Might be worth keeping in mind that the State Department has a significant interest in TOR&#x27;s continued existence, contributing roughly 60% of the TOR Foundation&#x27;s annual income. Unsurprising, because TOR is a powerful tool for activists, journalists, and intelligence sources in the Middle East.<p>Doesn&#x27;t mean the US doesn&#x27;t want to weaken TOR, but it might not be that simple.<p><a href="https://www.torproject.org/about/financials.html.en" rel="nofollow">https:&#x2F;&#x2F;www.torproject.org&#x2F;about&#x2F;financials.html.en</a>

&gt; FBI special agent describing Marques as “the largest facilitator of child porn on the planet.”<p>Is it just me or is &quot;facilitator&quot; a PR weasel word?<p>They would have said &quot;distributor&quot; or &quot;seller&quot; if they could.<p>Does &quot;facilitator&quot; mean in the same sense that BitTorrent &quot;facilitates&quot; illegal MP3 downloads? Or in the sense that Verizon and Comcast do? Or in the sense that HTTP does?<p>i.e. Is this RIAA&#x2F;MPAA style spin, or is their more substance to it?<p>(Not rhetorical questions. Although cynical and suspicious, I genuinely don&#x27;t know.)

This is illegal right? Can we use the CFAA against them? Give them a taste of their own medicine for once.

The article is a bit light around the details of how it works; is it true that it only targets Windows machines?

Should read &quot;suspected&quot; -- suspects seems to mean they are being investigated for criminal activity. I&#x27;d be interested to hear what an editor as to say.

Yet another reason to use linux.