From: aka <akademiker1@googlemail.com>
Message-ID: <559BE795.8020505@gmail.com>
Date: Tue, 07 Jul 2015 16:52:05 +0200
To: tor-talk@lists.torproject.org
Subject: [tor-talk] Regarding the Hacking Team leak and the "TOR
 interception" (all uppercase Tor obviously)

Nothing special, they try to infect the machine using browser exploits
while the victim surfs without Tor. The malware then manually installs
an SSL cert and redirects the browser proxy from 127.0.0.1:9050 to
evilguys.com:9050, which does SSL interception with that installed SSL
cert. At the time of the leak only browsers on Mac and Internet Explorer on
Windows were supported, because they used registry keys to change proxy
settings...
Their attack currently doesn't work on TBB, not because it's securer,
but because Hacking Team is incapable of programming proper
pre-encryption-interception on the victim machine. If your computer is
infected ALL your traffic CAN be intercepted by definition, it just
takes some *able* malware developers to implement it.
Fun fact: old, public source malware like ZeuS is able to intercept all
encrypted traffic in Internet Explorer and Firefox (including TBB).
So don't panic if hipsters like Jacob post PDFs without
reading/understanding them.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
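
The proxy redirection described in the post can be checked for from the defender's side. The following is an added example, not part of the original post: it parses a WinINET-style ProxyServer string and, going beyond the registry case, Firefox-style `network.proxy.*` prefs, and flags any proxy endpoint that is not loopback. The function names and sample values are constructed for illustration.

```python
import ipaddress
import re

# Firefox prefs.js lines, e.g. user_pref("network.proxy.socks", "127.0.0.1");
PREF_RE = re.compile(r'user_pref\("network\.proxy\.(\w+)",\s*"?([^")]*)"?\);')

def is_loopback(host):
    """True for 'localhost' or a literal loopback IP; any other name is remote."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False

def parse_wininet_proxy(value):
    """Parse a WinINET ProxyServer string: 'host:port' or 'scheme=host:port;...'."""
    endpoints = []
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, _, addr = part.rpartition("=")
        host, sep, port = addr.rpartition(":")
        if not sep:  # no port given
            host, port = addr, ""
        endpoints.append((scheme or "all", host, port))
    return endpoints

def parse_firefox_prefs(text):
    """Collect proxy endpoints from network.proxy.* prefs in prefs.js text."""
    prefs = dict(PREF_RE.findall(text))
    return [(kind, prefs[kind], prefs.get(kind + "_port", ""))
            for kind in ("http", "ssl", "socks") if prefs.get(kind)]

def remote_proxies(endpoints):
    """Return endpoints whose host is not loopback, i.e. traffic leaves the box."""
    return [e for e in endpoints if not is_loopback(e[1])]

# Constructed samples; evilguys.com:9050 is the placeholder used in the post.
CLEAN_REG = "socks=127.0.0.1:9050"
TAMPERED_REG = "http=evilguys.com:9050;https=evilguys.com:9050;socks=127.0.0.1:9050"
TAMPERED_PREFS = '''user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "evilguys.com");
user_pref("network.proxy.socks_port", 9050);
'''

if __name__ == "__main__":
    for label, eps in (("clean", parse_wininet_proxy(CLEAN_REG)),
                       ("tampered", parse_wininet_proxy(TAMPERED_REG)),
                       ("prefs.js", parse_firefox_prefs(TAMPERED_PREFS))):
        print(label, remote_proxies(eps))
```

A hostname that happens to resolve to loopback is still reported, since the check only trusts literal loopback addresses and `localhost`.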

