Some questions about Tails


5 replies to this topic

#1 kingneil


Posted 21 December 2015 - 08:48 AM

Hi, I would like to ask some security-focused questions on Tails, the Linux privacy OS.

 

1. We know that JavaScript and plugins are removed from the Firefox Tor browser, because these are 2 of the most common ways to hack a browser. But, is there any way to hack Firefox that doesn't depend on these 2 things..? The NSA has documents where they were confident to exploit so-called "native" Firefox exploits. I would like to see someone link me proof of any such exploits. The only thing I could think of would be things like, using GIF images or something like that. I've heard of exploits that involve nothing other than GIF images.

 

2. Let's just say that the answer to (1) is "yes, they can hack Firefox even with JS and plugins disabled"... So, the question is.... what happens next...? We know that Tails runs in non-administrator/non-root mode, and we know that Tails blocks access to the user's local hard drive.... So the question is..... how would any hacker achieve persistence...? Surely when the browser window closes, the virus is now gone for good.... Or is it...? That's what I'm asking.... How would they achieve persistence...? Can programs be run simply out of the computer's RAM alone...? Or, could they install the virus to any USB hard drive that was plugged in..? Does Tails allow executable files to be run off of an external USB device..?

 

3. Question 3 is another question about persistence.... Would it be possible for a hacker to hack Firefox, and then install the drivers required to read off of the user's local hard drive...? Or not...? Does it require a computer restart in order for such drivers to take effect..? If so, then obviously it's useless for the hacker, because once Tails is restarted, it's back to its original non-modified state all over again.

 

That's it...

 

As you can see, the questions are mainly about persistence...

Thanks


Edited by kingneil, 21 December 2015 - 08:49 AM.




#2 Didier Stevens


Posted 26 December 2015 - 07:00 PM

The goal of an attack on the Firefox Tor browser is to reveal your public IP address, not persistence.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 Crazy Cat


Posted 30 December 2015 - 07:05 PM

Tor, Tails are not so anonymous as you think? Read this,


Edited by Chris Cosgrove, 31 December 2015 - 06:08 AM.
Link removed, see #4

 

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.

 



#4 Aura


Posted 30 December 2015 - 09:13 PM

Why would you make someone download a picture? Just post it...
CJsdPPE.png

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 Crazy Cat


Posted 01 January 2016 - 05:37 PM

Why would you make someone download a picture?


I actually wasn't going to post anything about this, so I uploaded the actual jpg and not the link. I also have my browser configured to run only the minimal JavaScript to log in and nothing more.

Anyway, for those interested in further reading.

Then in July, a much anticipated talk at the Black Hat hacking conference was abruptly canceled. Alexander Volynkin and Michael McCord, academics from Carnegie Mellon University (CMU), promised to reveal how a $3,000 piece of kit could unmask the IP addresses of Tor hidden services as well as their users.

http://motherboard.vice.com/read/court-docs-show-a-university-helped-fbi-bust-silk-road-2-child-porn-suspects?gbwlbe
 



#6 Guest_GNULINUX_*


Posted 01 January 2016 - 07:10 PM

Every time someone gets busted it's the same story, Tor isn't safe anymore!

But if you search deeper it's always a simple fact of "follow the money" or "user error".

 

Read also about Whonix, different but I think it's pretty good!

 

Greets!





