Delivery-Date: Tue, 07 Jul 2015 11:26:54 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 4F1AC1E06C8;
	Tue,  7 Jul 2015 11:26:52 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 9027C361DB;
	Tue,  7 Jul 2015 15:26:47 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id C4DDE361CF
 for <tor-talk@lists.torproject.org>; Tue,  7 Jul 2015 15:26:43 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id eci0GHW8Bgty for <tor-talk@lists.torproject.org>;
 Tue,  7 Jul 2015 15:26:43 +0000 (UTC)
Received: from db1.countermail.com (db1.countermail.com [46.253.205.114])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "*.countermail.com",
 Issuer "GlobalSign Domain Validation CA - SHA256 - G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 8E682361BC
 for <tor-talk@lists.torproject.org>; Tue,  7 Jul 2015 15:26:43 +0000 (UTC)
Received: from 192.168.0.1 [46.253.205.116])
 (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
 (No client certificate requested)
 by db1.countermail.com (Postfix) with ESMTPSA id AB37082A008A
 for <tor-talk@lists.torproject.org>; Tue,  7 Jul 2015 15:26:39 +0000 (UTC)
Message-ID: <559BEFAD.9090604@countermail.com>
Date: Tue, 07 Jul 2015 17:26:37 +0200
From: chloe <chloe@countermail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64;
 rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
References: <559BE795.8020505@gmail.com>
In-Reply-To: <559BE795.8020505@gmail.com>
Subject: Re: [tor-talk] Regarding the Hacking Team leak and the "TOR
 interception" (all uppercase Tor obviously)
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

Hello,

how would this method work if an infected client tries to visit a hidden 
service?

Regards,
Chloe

aka skrev den 7/7/2015 16:52:
> Nothing special, they try to infect the machine using browser exploits
> while the victim surfs without Tor. The malware then manually installs
> an ssl cert and redirects the browser proxy from 127.0.0.1:9050 to
> evilguys.com:9050, which does ssl interception with that installed ssl
> cert. At the time of leak only browsers on mac and internet explorer on
> windows were supported, because they used registry keys to change proxy
> settings...
> Their attack currently doesn't work on TBB, not because it's securer,
> but because Hacking Team is incapable to program proper
> pre-encryption-interception on the victim machine. If your computer is
> infected ALL your traffic CAN be intercepted by definition, it just
> takes some *able* malware developers to implement it.
> Fun fact: old, public source malware like ZeuS is able to intercept all
> encrypted traffic in internet explorer and firefox (including TBB).
> So don't panic if hipsters like jacob post pdfs without
> reading/understanding them.


-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

