soo...im guessin this is a scam

[offmyr0ck3r]

Can someone verify if this is a scam. I just got a message from a newbie named ADMIN subject IMPORTANT SECURITY UPDATE and it said this:

This me[REDACTED - THIS MESSAGE CONTAINS MALICIOUS CONTENT PLEASE REPORT] remote execution attack through a flaw in Javascript's
[REDACTED - THIS MESSAGE CONTAINS MALICIOUS CONTENT PLEASE REPORT] information transmitted over the tor network.

As of Janurary 2nd 2014 the following vulnerability was found

[REDACTED - THIS MESSAGE CONTAINS MALICIOUS CONTENT PLEASE REPORT]
Impact: Critical

An attack that exploits a Firefox vulnerability in JavaScript has been observed in the wild. Specifically, Windows users
using the Tor Browser Bundle (which includes Firefox plus privacy patches) appear to have been targeted.


Please note: If you are using Linux or Tails (bootable) this vulnerability does not apply to you, please disregard this message.

We are advising all of our community members to upgrade to the patched version Tor Bundle (3.5)

http://REDACTED

Mirror: http://REDACTED

Note: You do not need to remove your current Tor Bundle before installing. This will overwrite the previous installation and upgrade you to the latest 3.5 version.

If you are unsure of which version you have it is best to upgrade anyways, it will preserve your bookmarks and preferences during the upgrade.


Any questions? Please feel free to message any mod and we will do our best to reply Asap

Happy New Year & Stay safe in 2014!

-SRStaff

[HonoluluExpress]

This is a scam.

[Censor]

Could be a scam but it's a good idea to keep Tor updated using the official site. It has been wellknown that Javascript can be exploited to expose peoples identities through Tor.... everyone should have it disabled, through windows usually. Anyone who is serious about security shouldn't be using windows anyways. Windows is the least secure and most exploitable operating system that exists.

[offmyr0ck3r]

ok i figured it was. thought everyone else should know about this

[Pharma Jack]

dont click on them links!!!

[offmyr0ck3r]

hmmmm. i cant find where to turn java off in this. i used to go to options and then content and there was a thing there to uncheck it. now its not there

[CaptainWhiteBeard]

Scam. Do not click on any links from unknown people

[Stealth]

Yes, this is another scam attempt. The user has been banned. I have redacted the links from the OP because those files will contain backdoors.

Thanks for bringing this to our attention. As a general rule, never, ever, ever consider any message you receive from someone claiming to be staff unless you see the appropriately colored blue/orange squares AND title

[WickedWords]

This vulnerability may disclose a users actual identity and other sensitive information transmitted over the tor network.

Poor punctuation

Note: You do not need to remove your current Tor Bundle before installing. This will overwrite the previous installation and upgrade you to the latest 3.5 version.

This instruction conflicts with common best practice advice (which is to NOT overwrite old versions with new versions)

it is best to upgrade anyways

Colloquial language a little out of place, considering this person attempted to write formally.

[vince]

LOL, this is so blatantly a scam it's funny. What was it? a 500kb exe file with no icon that said "tor 3.5 insatll"?

[tehjollyroger]

All this talk about back doors is getting me hot furreal.

[WickedWords]

All this talk about back doors is getting me hot furreal.

Just wait until they start talking dirty about how they're going to exploit your software and make it hardware or something

[TheDr]

Quick question people.

When I start up Tor it takes you to the TorPage. There it says there is an update for the security for tor bundle.

Can i assume that is safe to download and run?

[StringerBell]

It is just like back in the days

The days with Back Orifice and Cult of the Dead Cow.

 

[Desperado]

Doesn't take a genius to work this out mate.

be careful!

[Nightcrawler]

Yes, this is another scam attempt. The user has been banned. I have redacted the links from the OP because those files will contain backdoors.

Thanks for bringing this to our attention. As a general rule, never, ever, ever consider any message you receive from someone claiming to be staff unless you see the appropriately colored blue/orange squares AND title

He may have been referring to the main site, as opposed to the Forum. It's pretty easy to determine who is staff on the Forum, but not so much on the main site proper.

Nightcrawler
4096R/BBF7433B 2012-09-22 Nightcrawler <Nightcrawler@SR>
PGP Key Fingerprint = D870 C6AC CC6E 46B0 E0C7  3955 B8F1 D88E BBF7 433B

Security is a bit like religion... some things have to be taken on faith.
Where security differs from religion is that security is NOT retroactive.
Unlike Christianity, where you can come to Jesus, be 'saved' and have all
your sins washed away, with security you can adopt Tails or PGP, and be
secure from that point forward, but rest assured that your previous sins
(security failings) WILL come back to haunt you and bite you in the ass.
The original DPR is the poster child for that, right now.

Folly, thou conquerest, and I must yield!
Against stupidity the very gods Themselves
contend in vain.      --Friedrich Schiller