/g/ - Technology

Is Tor vulnerable to the Stegosploit technique? Nanonymous No.2700 >>2702

https://thehackernews.com/2015/06/Stegosploit-malware.html

>TLDR

>Malicious code or exploit is encoded inside the image’s pixels, which is then decoded using an HTML 5 Canvas element that allows for dynamic, scriptable rendering of images.

>The malicious code, dubbed IMAJS, is a combination of both image code as well as JavaScript hidden in a JPG or PNG image file. Shah hides the malicious code within the image’s pixels, and unless somebody zooms in a lot, the image looks just fine from the outside.

>fucking javashit

Is this even patchable? It seems like 90% of the exploits in Tor come from JavaScript.

The only solution I can think of would be if the browser reformatted the images before displaying them. But that sounds resource intensive.

Nanonymous No.2701 >>2704

Just disable your pajeetscript, dumb fuck. That's the whole point of nanochan.

Nanonymous No.2702 >>2704

>>2700
It's not a real exploit. It's a way of encoding data in images, which can be used as a vector for other exploits. The giveaway is that no browsers or versions are mentioned anywhere, implying that the "exploit" is an example of everything working as intended.
>is this even patchable
Insofar as it's an exploit, it piggybacks off of existing exploits. Patch those and you patch this. Tor Browser/modern Firefox/Chrome/etc. should already be patched against known vulns. But since the attack relies on javashit, you can protect against future exploits by disabling JavaScript, just like you knew you should.


Nanonymous No.2703 >>2704 >>2705

Reminds me of how some shitposters from Washington University encoded malware into DNA that could take over the lab equipment.

http://archivecaslytosk.onion/Y0mWH

Nanonymous No.2704 >>2706

>>2701
>>2702
>>2703

I always disable JavaScript, but the problem is that the browser supports it at all.

https://news.softpedia.com/news/zero-day-tor-browser-exploit-bypassed-noscript-to-execute-malicious-code-522604.shtml

>Zerodium unveiled in a tweet a Tor Browser 7.x zero-day exploit which circumvented NoScript's 'Safest' security level to run malicious code inside the browser.

Why should we leave our security to a third-party extension?

There should be a fork of the Tor Browser Bundle with a version of Firefox that does not support JavaScript at all.

In fact, just have a hardcoded version that is equivalent to the "safest" setting.


Nanonymous No.2705

>>2703
What? How the fuck is that possible?
Archive.is supports TLS + the hidden service now, by the way, for what it's worth:
https://archivecaslytosk.onion/Y0mWH

Nanonymous No.2706 >>2708

>>2704
>NoScript
That's bloated as crap. I use uBlock Origin, which also supports disabling JavaScript by changing the HTTP headers.

Nanonymous No.2707 >>2708

>disabling Javascript by changing the HTTP headers
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src

Nanonymous No.2708 >>2709

>>2706
>>2707
Why doesn't NoScript work like this?

Also, what if an exploit is found in uBlock as well? It sounds like it has a hard switch which is hard to mess with, but who knows.

How was the NoScript exploit made exactly anyway?

Nanonymous No.2709 >>2710

>>2708

https://www.netsparker.com/blog/web-security/noscript-vulnerability-tor-browser/

>The NoScript Safest extension blocks all JavaScript code in Tor Browser versions 7.x. However, it can be bypassed with a simple trick in the HTTP response, allowing the JavaScript files to run. The attack works when the attacker adds the following HTTP header in the response:

>Content-Type: text/html;/json

>It seems like the code responsible for blocking scripts from loading actually parses the Content-Type header incorrectly. When the code encounters the /json string at the end of the header, it believes that the context can't execute scripts anyway. Therefore it does not see the need to disable the script engine on that page.

So essentially NoScript assumed a reason not to run.

It's fixed now but should I just switch to uBlock?
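
Added example (editor's, not NoScript's or uBlock Origin's code), covering both the CSP `script-src` approach linked in >>2707 and the Content-Type bug quoted in the post above. It puts a deliberately naive Content-Type check, built to behave the way the write-up describes, next to a parser that follows the header's actual grammar (media type first, then `;`-separated `name=value` parameters), and plugs each into a small header-rewriting blocker that appends `Content-Security-Policy: script-src 'none'` to responses that could run script. Function names, the data-only type list and the sample responses are ours; the naive check illustrates the reported behaviour and is not the real NoScript source.

```javascript
// Added example, not NoScript's or uBlock Origin's code. Naive suffix check on
// the raw Content-Type header (the reported failure) beside a real parse, both
// feeding a header filter that attaches a script-blocking CSP. Names are ours.

// Media types a browser treats as data, never as a scriptable document.
// Anything else, including malformed or unknown headers, is treated as
// script-capable so the blocker fails closed. List is ours, not NoScript's.
const DATA_ONLY_TYPES = new Set([
  'application/json', 'text/plain', 'text/css', 'application/octet-stream',
]);

const BLOCK_ALL_SCRIPTS = "script-src 'none'";

// Illustration of the reported bug: a suffix test on the whole header string.
// "text/html;/json" ends in "/json", so it is wrongly taken for a data context.
function naiveShouldBlockScripts(contentType) {
  return !contentType.trim().toLowerCase().endsWith('/json');
}

// RFC 7231 style parse: <type>/<subtype> [; name=value]*. Returns null when
// the media type itself is not well formed. Parameters without '=' are junk
// and ignored, which is exactly what swallows the "/json" tail.
function parseContentType(header) {
  const [typePart, ...paramParts] = header.split(';');
  const mediaType = typePart.trim().toLowerCase();
  const token = "[!#$%&'*+.^_`|~0-9a-z-]+";
  if (!new RegExp(`^${token}/${token}$`).test(mediaType)) return null;
  const params = {};
  for (const part of paramParts) {
    const eq = part.indexOf('=');
    if (eq < 0) continue;
    const name = part.slice(0, eq).trim().toLowerCase();
    let value = part.slice(eq + 1).trim();
    if (value.startsWith('"') && value.endsWith('"')) value = value.slice(1, -1);
    if (name) params[name] = value;
  }
  return { mediaType, params };
}

// Decide from the parsed media type only; parameters and junk never count.
function shouldBlockScripts(contentType) {
  const parsed = parseContentType(contentType);
  if (parsed === null) return true;           // malformed: fail closed
  return !DATA_ONLY_TYPES.has(parsed.mediaType);
}

// Header filter in the shape of a webRequest.onHeadersReceived handler: takes
// [{name, value}] and returns a new array. Several Content-Security-Policy
// headers on one response are all enforced, so appending ours can never
// loosen a policy the site already sent.
function filterResponseHeaders(responseHeaders, decide) {
  const ct = responseHeaders.find((h) => h.name.toLowerCase() === 'content-type');
  const headers = responseHeaders.map((h) => ({ ...h }));
  // No Content-Type at all means the browser will sniff, so block.
  if (!ct || decide(ct.value)) {
    headers.push({ name: 'Content-Security-Policy', value: BLOCK_ALL_SCRIPTS });
  }
  return headers;
}

function hasScriptBlock(headers) {
  return headers.some((h) => h.name.toLowerCase() === 'content-security-policy'
                             && h.value === BLOCK_ALL_SCRIPTS);
}

// Constructed responses; "bypass" carries the header from the write-up.
function demo() {
  const cases = {
    normal: 'text/html; charset=utf-8',
    bypass: 'text/html;/json',
    json: 'application/json',
  };
  const result = {};
  for (const [label, value] of Object.entries(cases)) {
    const resp = [{ name: 'Content-Type', value }, { name: 'Server', value: 'example' }];
    result[label] = {
      naive: hasScriptBlock(filterResponseHeaders(resp, naiveShouldBlockScripts)),
      parsed: hasScriptBlock(filterResponseHeaders(resp, shouldBlockScripts)),
    };
  }
  return result;   // bypass: { naive: false, parsed: true }
}
```

The design point is the one the write-up makes by accident: a blocker that looks for reasons to stand down is only as good as its parser, so the decision should be made on the parsed media type alone and default to blocking whenever the header is missing or malformed.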

Nanonymous No.2710

>>2709
>It's fixed now but should I just switch to uBlock?
It's up to you. I simply block all third-party resources, which kinda makes me more unique, but I really don't want to connect to Google or whatever other big analytics company.

If you just want to block JavaScript, uBlock Origin might not be the most obvious option, but I don't know, I really disliked NoScript; it seemed much too bloated for my liking, so I figured I'd simply use that instead of NoScript.

Nanonymous No.2720

>thehackernews.com
gfo