[167311] in North American Network Operators' Group
Re: Any computer, anywhere?
daemon@ATHENA.MIT.EDU (Lee)
Sun Dec 8 09:23:54 2013
In-Reply-To: <i74xlnfue8v77geku6ya7oqr.1386491071583@email.android.com>
Date: Sun, 8 Dec 2013 09:23:37 -0500
From: Lee <ler762@gmail.com>
To: Warren Bailey <wbailey@satelliteintelligencegroup.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 12/8/13, Warren Bailey wrote:
>
> http://m.washingtonpost.com/business/technology/2013/12/06/352ba174-5397-=
11e3-9e2c-e1d01116fd98_story.html
>
> Noticed this tonight.. Not saying the WP is always on target, but what
> software could be installed via a browser on any computer to gather all o=
f
> that data? And how would it be done without the OS speaking up about it? =
Far
> fetched.. Or do the Firefox / chrome guys have some 'splainin to do?
"The goal of the software was to gather a range of information =97 Web s=
ites
he had visited and indicators of the location of the computer..."
That's available from just the browser - don't need to install any
software on the computer. Altho if the browser is exploitable
http://www.wired.com/threatlevel/2013/08/freedom-hosting/
The malware showed up Sunday morning on multiple websites hosted by the
anonymous hosting company Freedom Hosting. That would normally be
considered a blatantly criminal =93drive-by=94 hack attack, but
nobody=92s calling in
the FBI this time. The FBI is the prime suspect.
https://lists.torproject.org/pipermail/tor-announce/2013-August/000089.ht=
ml
To be clear, while the Firefox vulnerability is cross-platform, the
attack code is Windows-specific.
Regards,
Lee
