Silk Road forums

Discussion => Security => Topic started by: Popeye Trading on August 06, 2013, 01:46 am

Title: Using Tails not the Tor bundle - Do I have to be worried about what just happene
Post by: Popeye Trading on August 06, 2013, 01:46 am
Hey Guys,

A few months ago I stopped using the Tor bundle and started using Tails...

On Sat/Sun I tried to check Tormail a few times when it was down. I was just wondering if I need to be worried about the JavaScript?

Any info on Tails and the situation would be great,

Cheers,

PT

Title: Re: Using Tails not the Tor bundle - Do I have to be worried about what just happene
Post by: astor on August 06, 2013, 02:02 am
Since Tails is a Linux distribution and the JavaScript exploit was specific to Windows (it worked by making calls to the Windows API), you are safe. Even if it worked on Linux, Tails *may* have prevented it with its transparent proxying, unless the exploit also rooted your Tails instance, which would be considerably harder than what it was designed to do. Everyone who recently switched to Tails was safe, which turned out to be a great move in this community, considering how many people used Tormail.

Title: Re: Using Tails not the Tor bundle - Do I have to be worried about what just happene
Post by: comsec on August 06, 2013, 02:07 am
Tails would've definitely given up a fake mac, a fake host name, and the Tor exit node address.. so nothing.
This is all detailed in their design document.

@vlad902 on Twitter is suggesting TBB should be a VM instead of attached to Firefox. FF 0day isn't expensive; LE can just phone up VUPEN or thegrugq and buy them on the cheap. Of course then they would just find 0day for the virtual machine image, and probably activate wifi to geolocate targets.



Title: Re: Using Tails not the Tor bundle - Do I have to be worried about what just happene
Post by: Popeye Trading on August 06, 2013, 02:14 am
Ok cool, thanks for that guys!! Feeling a bit better now

Title: Re: Using Tails not the Tor bundle - Do I have to be worried about what just happene
Post by: kmfkewm on August 06, 2013, 02:33 am
Quote from: astor on August 06, 2013, 02:02 am
Since Tails is a Linux distribution and the JavaScript exploit was specific to Windows (it worked by making calls to the Windows API), you are safe. Even if it worked on Linux, Tails *may* have prevented it with its transparent proxying, unless the exploit also rooted your Tails instance, which would be considerably harder than what it was designed to do. Everyone who recently switched to Tails was safe, which turned out to be a great move in this community, considering how many people used Tormail.

Tails is immune, but even if it worked against Tails it would have given a fake hostname and a Tor exit node IP address, but the MAC address would be real unless you spoofed it. Tails does not automatically spoof the MAC address afaik.

Title: Re: Using Tails not the Tor bundle - Do I have to be worried about what just happene
Post by: comsec on August 06, 2013, 04:25 am
Liberte Linux randomizes wireless MAC addresses at boot time and allows changing ethernet MAC addresses after boot, is what I'm thinking of. Tails shows completed/confirmed in their macchanger update, but that was 19 days ago, and the latest version was June 26, so I guess not included until next release. Tails is becoming such a gigantic project crammed full of addons, they are just going to shapeshift into Windows one day and not even realize it.



Title: Re: Using Tails not the Tor bundle - Do I have to be worried about what just happene
Post by: astor on August 06, 2013, 07:06 am
Well, like I said, if it rooted Tails you wouldn't be safe, since then it could bypass Tor. Whonix is safer in that regard.