Silk Road forums

Discussion => Security => Topic started by: boaclon224 on September 05, 2013, 09:56 am

Title: Disabling images as a reasonable security precaution
Post by: boaclon224 on September 05, 2013, 09:56 am
One thing that I haven't seen mentioned on these forums is that specially designed images can be used to compromise computers, so there is some wisdom in disabling images by default (obviously forms with captchas require them to be enabled, though).

This happens because image encoding and compression are quite complex, so there are buffer overflows and similar vulnerabilities found quite regularly. It wouldn't be a very easy route to compromise a computer, but not the trickiest either. No more intrinsically difficult than the javascript exploit used in the Freedom Hosting compromises. So I'd recommend disabling images by default, and turning them on when you need them (captchas, pretty pictures from product pages).
Title: Re: Disabling images as a reasonable security precaution
Post by: astor on September 05, 2013, 10:37 am
Browsing in incognito mode is the way to go. Besides what you mentioned, it speeds up page load times, sometimes quite noticeably, and the photos rarely match the product anyway. Even if they were real photos of a real product at one time, many are months old and no longer illustrate the product being sold, and many are stock images to begin with.
Title: Re: Disabling images as a reasonable security precaution
Post by: kmfkewm on September 05, 2013, 11:10 am
you can disable the ability for websites to set a font as well. Doing these things protects you from various hacking attempts, but it does make your sessions very linkable as well. Probably close to 0% of Tor users disable loading images, so if you are the only person to do it don't be surprised when every single thing you do can be linked to a single entity. But you do protect yourself from image based exploits, or javascript based exploits, or font based exploits, etc. I think javascript being disabled is a no brainer, enough people do it that you will not really stick out horribly bad and it substantially protects you from hackers. On the other hand, it is less cut and dry with disabling images or fonts, because in this case you really will stick out like a sore thumb. If you are only using Tor to visit SR then it is probably best to disable images though, no need to have more attack surface than required and if you only go to one website and are always logged in when visiting it you don't need to worry about linkability between sessions because you are inherently linkable between sessions anyway.
Title: Re: Disabling images as a reasonable security precaution
Post by: boaclon224 on September 05, 2013, 11:26 am
Incognito mode protects you from vendors posting exploit images, certainly, but as far as protecting yourself from a potential silkroad compromise it won't help - the site owner chooses which images you load.

The linkability of sessions is indeed a cause for concern, but as you mentioned, if you log in you've already perfected linkability for an adversary. That said, I suppose in a case of equipment seizure, if they find a browser configuration that matches the 'fingerprint' that had been recorded for a user, then you're in a worse position. But that's just an argument for good client-side encryption.

As far as font setting, do you mean 'web fonts'? Or just changing from the system's serif to sans-serif font? Because in the latter case I can't see how disabling that could be detected (presuming javascript was disabled). 'Web fonts' are a different beast, though, and yes, disabling them would be a wise move. That wouldn't increase linkability much, as the browser would be expected to cache the font after the first page view anyway.
Title: Re: Disabling images as a reasonable security precaution
Post by: kmfkewm on September 05, 2013, 11:49 am
You can tell Firefox to not load any images at all. Re: fonts, I mean like this: https://www.rapid7.com/db/vulnerabilities/linuxrpm-rhsa-2012-0515

Quote
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in Sanitiser for OpenType (OTS), used by Firefox to help prevent potential exploits in malformed OpenType fonts. A web page containing malicious content could cause Firefox to crash or, under certain conditions, possibly execute arbitrary code with the privileges of the user running Firefox.

not positive but I think not allowing websites to load their own fonts prevents attacks like this, as they require the user to load a malicious font. In firefox you can prevent websites from setting the font and force it to use a default font, which I think but am not certain prevents all or at least most of the font based attacks. If you know otherwise let me know.

here is another:

https://www.redhat.com/archives/enterprise-watch-list/2012-April/msg00016.html

Quote
A flaw was found in the way Firefox used its embedded Cairo library to
render certain fonts. A web page containing malicious content could cause
Firefox to crash or, under certain conditions, possibly execute arbitrary
code with the privileges of the user running Firefox. (CVE-2012-0472)

Title: Re: Disabling images as a reasonable security precaution
Post by: kmfkewm on September 05, 2013, 12:08 pm
you can disable CSS as well, although it requires some work to keep it disabled in Firefox. It makes sites look pretty ugly though. But I can use SR without fonts, javascript, images or CSS.
And I think that should protect from at least a huge amount of potential exploits. Not sure what else to disable after that :P.
Title: Re: Disabling images as a reasonable security precaution
Post by: astor on September 05, 2013, 01:25 pm
Or just use Whonix.
Title: Re: Disabling images as a reasonable security precaution
Post by: kmfkewm on September 05, 2013, 01:47 pm
Whonix is security by isolation, disabling all this crap is security by correctness (since having less things means there are less mistakes that can be exploited). Security by correctness prevents the attacker from gaining a foothold in your system, security by isolation makes it so if they gain a foothold it doesn't buy them much.
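
Added example, not part of the original thread: a small Python check that reads the text of a Firefox `prefs.js` or `user.js` and reports whether the features discussed above (image loading, site-chosen fonts, downloadable web fonts, JavaScript) are disabled. The sample profile text is constructed, and the defaults in the table are those of stock Firefox, which is an assumption for other builds such as Tor Browser.

```python
import re

# Firefox about:config prefs for the features discussed in the thread.
# pref name -> (stock Firefox default, value that disables it, what it controls)
HARDENING_PREFS = {
    "permissions.default.image": (1, 2, "image loading"),
    "browser.display.use_document_fonts": (1, 0, "site-chosen fonts"),
    "gfx.downloadable_fonts.enabled": (True, False, "downloadable web fonts"),
    "javascript.enabled": (True, False, "JavaScript"),
}

PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_prefs(text):
    """Parse prefs.js / user.js text into {name: value} (bool, int or str)."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not user_pref()
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit(text):
    """Return {pref: 'disabled' | 'enabled'}; prefs not set fall back to the default."""
    prefs = parse_prefs(text)
    report = {}
    for name, (default, hardened, _what) in HARDENING_PREFS.items():
        value = prefs.get(name, default)
        report[name] = "disabled" if value == hardened else "enabled"
    return report

# Constructed sample profile: images and JavaScript off, fonts left at defaults.
SAMPLE_PREFS_JS = '''
// Mozilla User Preferences
user_pref("permissions.default.image", 2);
user_pref("javascript.enabled", false);
user_pref("browser.startup.homepage", "about:blank");
'''

if __name__ == "__main__":
    for pref, state in audit(SAMPLE_PREFS_JS).items():
        print(f"{HARDENING_PREFS[pref][2]:<24} {pref:<38} {state}")
```

A value of 3 for `permissions.default.image` (block third-party images only) is reported as enabled, since first-party images still load.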