[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] Regarding the Hacking Team leak and the "TOR interception" (all uppercase Tor obviously)



Hello,

how would this method work if an infected client tries to visit a hidden service?

Regards,
Chloe

aka skrev den 7/7/2015 16:52:
Nothing special, they try to infect the machine using browser exploits
while the victim surfs without Tor. The malware then manually installs
an ssl cert and redirects the browser proxy from 127.0.0.1:9050 to
evilguys.com:9050, which does ssl interception with that installed ssl
cert. At the time of leak only browsers on mac and internet explorer on
windows were supported, because they used registry keys to change proxy
settings...
Their attack currently doesn't work on TBB, not because it's securer,
but because Hacking Team is incapable to program proper
pre-encryption-interception on the victim machine. If your computer is
infected ALL your traffic CAN be intercepted by definition, it just
takes some *able* malware developers to implement it.
Fun fact: old, public source malware like ZeuS is able to intercept all
encrypted traffic in internet explorer and firefox (including TBB).
So don't panic if hipsters like jacob post pdfs without
reading/understanding them.


--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk