[liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud
Al Billings
albill at openbuddha.com
Mon Aug 5 16:13:34 PDT 2013
No, "Mozilla" (I assume you mean "Firefox") wasn't used to insert anything into any servers. It is the other way around. Someone had an exploit on the servers that could be used to exploit older versions of the ESR17 branch of Firefox, which the Tor Browser Bundle uses. (ESR is the "Extended Support Release" and ESR17 is Firefox 17 + important security updates since 17 was shipped. ESR is meant for corporate users and others who want longterm stability but security fixes as well.)
--
Al Billings
http://makehacklearn.org
On Monday, August 5, 2013 at 4:00 PM, Shava Nerad wrote:
> So, essentially, Mozilla was used as the Trojan Horse to insert the payload into the servers. It wouldn't have made a difference at all if they were hidden or not, only that they were using web services and allowing any version of Mozilla to attach.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130805/2c009c0a/attachment.html>
More information about the liberationtech
mailing list