TOR BROWSER BTFO FOR ALL ETERNITY

twitter.com/alexkochkov/status/1087698876935663617

Attached: DxhIW4MXgAA8FyO.jpg (576x1024, 82K)

and he didn't even sell it to the nsa

I'm guessing the calculator is just a placeholder for the payload?

>Calculator and an HTML page that says "Please wait" followed by a bunch of asterisks
Wow, it's fucking nothing.

running calc.exe seems pretty standard from what I've seen, just means you can run something
proofs

>no poc
>probably needing javascript, which is disabled by default
>this person doesn't seem to have any demos
wow, fucking epic

>Windows

yeah it's probably real, and it's going to keep happening. pretty impressive feat though. at the right time he could've likely gotten decent money for that exploit.

Attached: o.jpg (433x382, 24K)

explain

this guy only has tweets of programs next to calc.exe
no demos, no code, no nothing. is he just a scammer or what?

someone claims to have written an arbitrary code execution exploit for the pared down version of Firefox shipped with the tor browser bundle

thanks, only see a calculator

Tor is a honeypot. Prove me wrong.

why do we need zero days if it's already a honeypot?
checkmate atheists

can't prove an idiot wrong when he has no understanding of cryptography and the mathematics behind it

Flying spaghetti monster confirmed

Attached: 0.jpg (1218x1015, 212K)

Code or GTFO.
Sage.

> I developed recaptcha :^)
Go to bed Edison Tan

TOR is so useless.
It's just used for drugs and retarded shit. It's just as useless as toenails.

What the heck do you even use it for?

ordering pizza

The one time a Twitter screen shot would be useful...

>disabled by default
it's not

accessing trackers

>windows
>no proof
>rotated image
>computer pic taken with external camera
>hipster avatar
>no content
a thread died for this shit.

Are you torrenting through Tor? That's fucking retarded.

accessing

trackers

>>rotated image
for dramatic effect

I do all my normal day to day browsing with Tor Browser. Keeps Jewgle, Twitjew, and Faceberg from tracking me. The NSA makes Tor so I doubt they are foiled by it.

Doesn't noscript automatically block js on TOR?

not any more
the new ns is different

Watching crappy "top 10" youtube videos friends send me without destroying my recommendeds list.

you can still set it to block all scripts, but it comes out of the box allowing everything
also it comes with an enormous whitelist

>taking screenshots with your phone
>Russian troll
Fuck off

Can't you just use hooktube, newpipe/skytube, or youtube-dl to achieve that?

Came here to post exactly this except for the Windows part.

Ughhh..... it's simpler this way

>block all scripts
i don't know if it really does

checked
are you implying the ns included with tbb can't be trusted, or ns in general?
iirc regular noscript came with G, fb, dblclk,etc. whitelisted too

ns in general
he had to rewrite it and it can't work as the ns before because restrictions iirc

This looks like that weird IE bug that allows sites to run installed programs without user permissions since they also used the calc as the example. More importantly, who the fuck would be stupid enough to use tor on windows?

Windows and their shitty Kernel again

Attached: 7c4.png (165x115, 17K)

JavaScript is enabled by default on tor.

You can't trust it in general. It would be much better to ship with uMatrix and uBlockOrigin. But Tor devs are retarded.

Sorry but I checkmate atheists already

wow look at this crazy chrome exploit i just wrote

Attached: chrome_2019-01-23_19-54-31.png (612x631, 142K)

he got got by the three letters

>No info on how it works

He'd be a millionaire if he actually found a way to deliver this exploit without javascript, canvas or any other 'common sense' feature that's disabled by 99% of Tor users.

I run a bunch of hidden services for irc bouncers and the like because my gay university blocks almost all ports but lets tor traffic through

The NIT exploit that busted a bunch of pedos in the past was due to a vulnerability in NoScript. If users relied on the NS extension to block JS, but still had 'javascript.enabled' set to true in about:config, then they got fucked.

That is why you never rely on any extension and disable all that you need in about:config first.

It really doesn't matter what they ship with. It shouldn't need any third party extension to help you stay more secure. They're just huge attack vectors for researchers.

How can we get in contact?
You will receive 100 trillion $ if its true
Please sir write your email
t. Google SiberSicurity Lead Engenier

>not just tunneling out on port 443
I do this at this one hotel chain I always stay at

I have a bunch of actual websites running on the same node, and I can't be fucked to set it up to serve both https and some other protocol on the same port

>running TOR on windows

>chief exploit developer

[email protected] thanks

And what is that "exploit" supposed to do, exactly?

remote code execution. the calc.exe is just an example of a program that can be run. in a real world scenario, it would probably steal your IP and other sensitive information, or plant malware to spy on you.

Would really appreciate if someone could send me the Tor exploit

tips.fbi.gov/contact

> no proof of concept
i'm sure he's already sold it to his russian handlers.

>TOR BROWSER
Nice pedophile messenger

POC || GTFO

drugs and retarded shit

>it would probably steal your IP and other sensitive information, or plant malware to spy on you.
it's possible. just get the exploit to run a preinstalled browser that doesn't use TOR to hit a server you've set up and they're exposed. that's what makes these TOR exploits a little scary for people that rely on TOR.. but we have no idea how this exploit even works, and this faggot isn't saying if you need javascript enabled or not.

Government censorship circumvention.

>huge attack vectors
Find a security bug in uBO or uM. It doesn't make a fucking difference if they're 3rd party or not. They can easily be integrated into the browser and not be addons and be "1st party".

>calc.exe
So not only is this """exploit""" windows only, it's also an entirely separate piece of code which the user must download and then run manually. It's literally nothing.

>it's also an entirely separate piece of code which the user must download and then run manually.
You don't know the nature of the "exploit".

I don't because there's no POC. There's no way to run executables in a browser without the user knowing, and this doesn't affect Linux.

sir there seems to be misunderstand for that is my email location

i've been doing this for years

i thought it was a feature?

>There's no way to run executables in a browser without the user knowing
XUL extensions can. That's one of the big reasons Mozilla removed them.

>There's no way to run executables in a browser without the user knowing

That's why they're called exploits and not features, user.

Tor doesn't use XUL.

No proof of concept means it's fake.

>x is useless
>now let me tell you some uses for x
>what is x for?
You're a special kind of retard aren't you

so? it could be just the browser sending the keycode calculator to the computer

It doesn't necessarily mean it's fake. You think exploit devs just give this shit out for free? You think if they did they wouldn't disclose it to the vendor first and give them a chance to patch it/alert everyone? You know, "responsible disclosure." I'm sure you can find examples where this didn't happen but they're not all that common. Usually they want to make money, allow users to root/jailbreak/etc their devices, or they're going to be goody goody types that will make sure things get fixed before they blab about it.

Probably needs JS. If you're such a stupid nigger that you allow JS on tor you deserve to have CIA after you.

This is a Tor exploit. All of those are always immediately disclosed and poc is released.

Tor's fault for enabling it by default.

>useless as toenails
So.. underrated and useful, nice

>Tor's fault for enabling it by default.
Block it then nigger. If you can't even do that you shouldn't be allowed to touch a computer.

>All of those are always immediately disclosed and poc is released.
Wrong.

>You think exploit devs just give this shit out for free?
absolutely not. they sell them to governments and organized crime groups FIRST, then pretend they're doing something noble and submit bug reports for bounty money. these russians are all the fucking same. dangerously incompetent and corrupt.

>This is a Tor exploit
Wrong.
This is a browser exploit.

>man performs magic trick with cards
>you:maybe it's not a card trick! maybe he's a real wizard, who knows? a real wizard wouldn't tell anyone

The analogy doesn't really work the way you put it. But it does if you think about it from the perspective of someone who isn't a blithering fucking retard. You know, somebody other than yourself. People that come up with tricks, illusions, "magic" and whatnot have different mindsets when it comes to what they will divulge about their techniques. They might guard their secrets closely. They might copyright them and sell them for profit. Or they could go on youtube and show everyone how to do it for free if they wanted. I was saying we don't really know this guy's motivation even if it is real. Lots of other posters went in depth about the types of shady deals that happen with exploits. There's a lot of money in it. POC or it didn't happen is an unreasonable request. If you had a 0day browser exploit would you post it here on Jow Forums or would you sell it? I know it's unethical as fuck but I'd sell that shit in a heartbeat.

NOOOOOOOOOOOO

Attached: 1542841521013.jpg (220x250, 8K)

Hacked.

Attached: images.jpg (186x271, 11K)

>javascript
So literally irrelevant if you're not retarded

>.exe
>browser exploit
It's a windows exploit

>using TOR at all
It's like you're asking to be found

>It's a windows exploit
It's a browser exploit running on windows

>analogy doesn't work, unless you aren't a retard. you are a retard even though you made it up
ok buddy

you really don't get it?
>random shmuck nonchalantly shows something that's either a billion dollar project or a 5 minute trick
hmmm.... what could it be...

Gullible retard.

If it was a legit exploit he would go to one of the numerous 0day brokers instead of posting garbage on twitter trying to scam people.

Attached: 766767676.png (1852x1228, 166K)

underrated comment

>vulnerability in firefox build bundled with tor
>not using tails
wow it's fucking nothing

No PoC... seems legit.

Attached: sigh.jpg (474x355, 17K)

>Firefox is garbage
who would have thought

>anonymity is useless! You should give all your information to your ISP!

>using Twitter

Attached: 1547647273927.jpg (700x436, 49K)