"Mozilla is scrambling to patch a vulnerability in Firefox that is apparently being exploited in the wild to unmask Tor Browser users.
Earlier today, a small package of SVG, JavaScript and x86 code popped up on a Tor mailing list that, when opened by Firefox or Tor Browser on a Windows PC, phones home to a remote server and leaks the user's MAC address, hostname and potentially their public IP address. Typically, this exploit would be embedded in a webpage and leap into action when opened by an unsuspecting visitor."
http://www.theregister.co.uk/2016/11/30/possible_tor_browser_decloak_zero_day_dropped_patch_in_works/
https://web.archive.org/web/20161130072235/http://www.theregister.co.uk/2016/11/30/possible_tor_browser_decloak_zero_day_dropped_patch_in_works/
The malicious payload it delivers, according to an independent researcher who goes by the Twitter handle @TheWack0lian, is almost identical to one that was used in 2013 to deanonymize people visiting a Tor-shielded child pornography site. The FBI ultimately acknowledged responsibility for the exploit, which was embedded in Web pages served by a service known as Freedom Hosting.
http://arstechnica.com/security/2016/11/firefox-0day-used-against-tor-users-almost-identical-to-one-fbi-used-in-2013/
https://web.archive.org/web/20161130031656/http://arstechnica.com/security/2016/11/firefox-0day-used-against-tor-users-almost-identical-to-one-fbi-used-in-2013/
"This is an Javascript exploit actively used against TorBrowser NOW. It consists of one HTML and one CSS file, both pasted below and also de-obscured. The exact functionality is unknown but it's getting access to "VirtualAlloc" in "kernel32.dll" and goes from there. Please fix ASAP."
https://lists.torproject.org/pipermail/tor-talk/2016-November/042639.html
https://web.archive.org/web/20161130003501/https://lists.torproject.org/pipermail/tor-talk/2016-November/042639.html
[Editor's Note: The reporting only mentions Windows PCs, but it might not be limited to this OS.]
(Score: 0) by Anonymous Coward on Wednesday November 30 2016, @01:20PM
> leaks the user's MAC address, hostname and potentially their public IP address.
I name all of my systems "hostname" and then use aliases to differentiate them in the name server.
I also use "username" as my actual username.
I recognize that this practice makes me unique. But for all practical purposes, choosing any name is unique. This way, at least, someone looking at it by hand might be fooled into thinking the data collection was in error. Unfortunately, the mac addresses FF:FF:FF:FF:FF:FF and 00:00:00:00:00:00 are not functional.
(Score: 1) by pTamok on Wednesday November 30 2016, @02:53PM
Perhaps use one of the 'well known' 'magic numbers' for the MAC address
My first thought was 0xDEADBEEF
and in fact, the Magic Number article ( https://en.wikipedia.org/wiki/Magic_number_(programming) [wikipedia.org] ) states that
The default MAC address on Texas Instruments SOCs is DE:AD:BE:EF:00:00
I would be tempted to go for DEADBEEFDEAD or BEEFDEADBEEF ,or even ADBEEFDEADBE or EFDEADBEEFDE; or muck about with endian conversions; although pretending to be a TI SOC and using 0xDEADBEEF0000probably isn't bad for anonymity.
(Score: 0) by Anonymous Coward on Thursday December 01 2016, @08:58AM
I always liked 0xDEADBEEFCAFE
(Score: 0) by Anonymous Coward on Saturday December 03 2016, @04:20AM
better than 0xDEADCAFEBABE or 0xFACEBEEFCAFE or 0x4FECA1C0FFEE
yeah
that's right
just TRY not using 0x 4 feca1 coffee, next time you need a 'magic' number. just TRY!