EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

08.07.13

Using Windows With TOR is Like Wearing Makeup to Dodge CCTV

Posted in Free/Libre Software, Windows at 11:18 am by Dr. Roy Schestowitz

CCTV

Summary: The TOR project asks users to abandon Microsoft Windows, which helped the NSA (based on identified IP blocks) crack anonymity

THE thing about proprietary software is, it infects any system it is surrounding, making everything penetrable if the underlying layer has a back door, which Windows has. Activists who challenge authority must never rely on proprietary software, suggests experience [1, 2],

More GNU/Linux distributors should start promoting their products based on privacy as a selling point, not just software freedom, especially now that a lot of people are concerned about mass surveillance. Sadly, however, even some of these distributors are now compromising their users' privacy inside Azure, whose host is in bed with the NSA.

“Several mainstream articles are publishing the Tor Project’s recommendation to drop Windows,” told us iophk, noting also the poor headline at the Telegraph. He gave this better example from IDG:

The TOR Project is advising that people stop using Windows after the discovery of a startling vulnerability in Firefox that undermined the main advantages of the privacy-centered network.

The zero-day vulnerability allowed as-yet-unknown interlopers to use a malicious piece of JavaScript to collect crucial identifying information on computers visiting some websites using The Onion Router (TOR) network.

There is more here. “In the pre-Mono days,” iophk says, “I would have expected Canonical and Ubuntu to be all over that. Shuttleworth could make an invitation like he did to the Suse developers. However, with their Community “Manager” defending MS, that may not happen. Speaking of the “manager”, his and the others' responses to your old post here has elicited denial of the problem as well as a bit of an attack. I think the topic is very worth revisiting at least once a month.”

Here is another post about this subject. It is reproduced as follows from JoinDiaspora:

The exploit of Tor by JavaScript

Who were affected?

  • Window Users
  • People who enabled JavaScript
  • Used the Tor Browser Bundle

~Windows~

Most of the users were windows users, I’m not claiming that Linux or
Gnu|linux users are superior but to be more accurate, some windows
users don’t have the mentality of security or common sense when it comes to
protecting them self and their devises. Gnu|linux users or Unix users are more
aware of their surrounding and what goes within their Systems, now that said
Windows users need to understand that to be safe and secure you need to take
away all of those applications that would cause a back door to your system.

These are the following said applications:

Javascript - There are multiple ways of disabling this, but
my favorite way is to add an add-on called, “NoScript”. This disables script’s
to be activated and or used within your browser, you have nothing to worry about, you are able to
fully activate or deactivate JavaScript if needed.

Flash - Yes Flash, there are ways of doing this, either
deleting the flash application or never going to YouTube ( I doubt you’ll be doing this). There are multiple add-ons for your browser that will disable the usability of flash and allowing Html5 to
take over.

Cookies - Cookies are a great way of entering your system and
gather some useful information about said system and maybe you. There are
add-ons for disabling these little critters. there are multiple said add-ons like
Self-Destructing Cookies or going into your system and deleting them yourself.

~JavaScript~

JavaScript is not safe cause it has bugs. This holds true
for the various implementations of JavaScript, as well as the browsers that
JavaScript runs in. Some bugs can, when discovered, be exploited to bypass
the said sandbox, or to perform other malicious actions on your machine, like
what the FBI did to a specific Tor network. So JavaScript is not safe in most occasions, anybody
running JavaScript can be the target for something malicious.

~Using Tor Bundle~

Tor bundle uses an old version of Firefox and is easily
exploited, add-ons are not implemented within the browser. Even if you
were using Tor you would of gotten targeted. Using a different applications
for the same cause will allow users to be much safer than having a bundle and
thinking that no one can actually hack|crack into said system. This is false when
using anything, just keep in mind that you could always be Hacked|cracked by
someone or a specific organization.

Forgot to mention one thing, passwords. People please, don’t
create a password that is easily created like, your name, age, birth
place, or someone or something.
The best way of creating a good
passphrase is to use Uppercase letters as well as other symbols for instance
if your name is jonny michaels use Joney_M1ch_els.
keep in mind that this example is just a bare minimum for a truly secure Password.

If you have any questions on what to use or just have anything
to ask me just ask.

Like alway, happy hacking

And if you don’t use free software, the hacking (or cracking) is all on you.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

A Single Comment

  1. Needs Sunlight said,

    August 7, 2013 at 12:19 pm

    Gravatar

    Then there are the end-point compromises. Running Windows, you know you have a system full of back doors. In addition to the official ones, M$ is said to release vulnerabilities to the US government before patching them. Given how long M$ can take to get around to releasing a working patch, this can be quite a lead time.

What Else is New


  1. White House Intervention Harms Android and Every Software Developer on the Planet

    US Solicitor General Donald Verrilli urges the Supreme Court (SCOTUS) to let APIs be covered by copyrights, rendering almost every program a potential copyright violation



  2. Microsoft Lobbying in India Shoots Down or At Least Weakens Free/Libre Software Policy

    Microsoft's covert efforts (lobbying with the help of public partners like NASSCOM) to eliminate an India-leaning software policy in India is finally paying off



  3. Propaganda Mode for UPC Agreement Whilst EPO Increasingly Grants Patents on Software

    In order to make the Unitary Patent a reality (towards a 'no place to hide' patent approach) misleading claims are being made



  4. Patents Are Not Source Code

    Ford is once again misleading regarding Open Source, mischievously associating a patent pledge with Open Source



  5. Links 29/5/2015: ALT Linux 7.0.5, Google I/O 2015

    Links for the day



  6. Links 28/5/2015: SourceForge Hijack, RIP Marco Pesenti Gritti

    Links for the day



  7. Censorship on Reddit Has Gotten (Condé) Nasty and Silent, Even Actively Silenced

    Condé Nast has turned Reddit into a platform of censorship after the acquisition



  8. The Supreme Court of the United States Helps Patent Trolls

    In an unforeseen kind of ruling, the same court which slapped down a lot of software patents last year is now legitimising the actions of a patent troll



  9. Patent Lawyers Fight Hard for the Future of Software Patents

    Media that is dominated by patent lawyers and targets an audience of patent lawyers refuses to accept the post-Alice reality



  10. Fortune Glorifies Patent Troll Jay Walker (Patent Utility)

    Jay Walker, a patent troll, creates a Web-based trolling/'licensing' service and the corporate media helps him



  11. Stealing Android's Thunder, Making It All About Apple and Microsoft During Google I/O

    Misleading articles and conjoined media/analyst attacks on Android coincide with Google's event where major Android announcements are being made



  12. British Government May be a Step Closer to GNU/Linux (on the Desktops, Not Just Servers)

    The British government stops paying the criminal company that blackmails its members, thereby increasing the possibility of complete escape from proprietary software



  13. Microsoft's Patent Allies LG and Sony Agree to Put Microsoft Inside Android

    LG and Sony (of Rockstar Consortium) follow Samsung and Dell in Microsoft's campaign to turn Android into 'Microsoft Android' using patents-induced pressure/leverage



  14. Yet Another Major Security Deficiency in UEFI

    UEFI is inherently insecure, more so than the alternatives which it strives to replace, including Free/libre ones



  15. Links 27/5/2015: Fedora 22 is Out, Mandriva Liquidated

    Links for the day



  16. Patent Scope at the EPO is Totally Out of Control, UPC Will Make Things Worse

    A look at the practical issues with the EPO, where patent scope and litigation scope have been vastly extended so as to benefit multinational corporations and possibly patent trolls



  17. Links 26/5/2015: Reviews of Kubuntu 15.04, Linux 4.1 RC5

    Links for the day



  18. Süddeutsche Zeitung Says Talking Helps While EPO Management Back-stabs Other Side of the Table

    German media gives the impression that there is peace and harmony now that Benoît Battistelli and his circle of power speaks to staff, but nothing is said about simultaneous (albeit covert) attacks against that staff



  19. Large Corporations Call the Shots in US Patent Reform

    A reminder of where we stand on the issue of patent 'reform' in the US and who is controlling or shaping it



  20. Microsoft Puts Proprietary Windows and Hyper-V Inside the Free Software-Centric OpenStack

    OpenStack, which celebrates rapid growth in this month's event in Canada, is facing a proprietarisation threat from Microsoft



  21. Microsoft's Secret Lobbying, Bullying, and the Long History of Blackmailing Politicians Around the World

    British media covers Microsoft's abuse in the UK, but there are many similar incidents, and not just in the UK



  22. Frankfurter Allgemeine Zeitung on Benoît Battistelli and Four EPO Suicides

    German press article from April 2015 (with translations)



  23. Links 24/5/2015: CrossOver 14.1.3, NTFS-3G Vulnerability

    Links for the day



  24. Links 23/5/2015: Fedora 22 to May 26th, Netflix in SteamOS

    Links for the day



  25. The Patents Production 'Industry' (Patent Lawyers) Still Fights Hard to Salvage Software Patents

    A review of recent writings about software patents and patents on business methods in the United States, demonstrating that patent lawyers have gotten very vocal and sneaky (trying to evade the rules)



  26. Patents as a Marketing Strategy: USPTO Now Part of the Advertising Industry

    The existence of publicity patents, or patents whose sole purpose is to advertise some products, serves to discredit the US patent office, which was originally set up to promote science and technology



  27. Microsoft Blackmails and Extorts British Politicians Over Open Standards and Free Software-Leaning Policies

    Microsoft's digital imperialism in the UK getting defended using blackmail, reminding a lot of Brits that Microsoft is just as evil as ever before



  28. Microsoft Gives Another Bug a Name, This Time Logjam™

    The Microsoft crowd is good only at marketing, even when it comes to small bugs in software



  29. Links 22/5/2015: Fedora 22 Final Release is Near, Canonical IPO Considered

    Links for the day



  30. More Utter Shame Unveiled at Battistelli's EPO: Intimidation Tactics With Help From 'Control Risks'

    The unaccountable thugs who run the EPO have hired London-based spooks to help silence their opposition and their critics


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts