
From http://tsyrklevich.net/tbb_payload.txt - yes. It uses Winsock routines and WinAPI stdcall calling conventions.


And here's the security advisory for the vulnerability, which was fixed in Firefox 22 and Firefox ESR 17.0.7:

http://www.mozilla.org/security/announce/2013/mfsa2013-53.ht...


What does the code actually deliver in the HTTP request, and what path does the request travel?

Is the exploit that the request is made outside of the TOR proxy (thus revealing the true origin IP) or that it gathers information about the host and sends that via TOR to some machine?


The code is described as grabbing the MAC and hostname and sending them via a raw HTTP request to Virginia.

Since it is a Windows executable, this is done outside of TOR.



