[liberationtech] Foxacid payload
Andy Isaacson
adi at hexapodia.org
Thu Jul 17 12:19:31 PDT 2014
On Thu, Jul 17, 2014 at 03:14:32PM -0400, Jonathan Wilkes wrote:
> We know something about the selectors that could trigger
> Foxacid attacks, and we can record the data sent to a machine
> running Tor Browser Bundle. So has anyone set up a sitting duck to
> trigger and record the payload of the attack?
>
> Once the payload is known then Firefox could be patched, no?
And once you've patched this bug, FOXACID will update to issue another
0day.
It's worth doing, for sure! Patching bugs makes us all incrementally
safer.
But don't pretend that patching the specific attack your adversary is
currently using will disable or even seriously inconvenience the
adversary.
-andy
More information about the liberationtech
mailing list