{"id":188974,"date":"2013-08-05T00:35:03","date_gmt":"2013-08-04T20:35:03","guid":{"rendered":"http:\/\/savepearlharbor.com\/?p=188974"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T21:00:00","slug":"","status":"publish","type":"post","link":"https:\/\/savepearlharbor.com\/?p=188974","title":{"rendered":"<span class=\"post_title\">Firefox 17 0day via Freedom Hosting<\/span>"},"content":{"rendered":"<div class=\"content html_format\">   \tAs already noted in the <a href=\"http:\/\/habrahabr.ru\/post\/188914\/\">previous<\/a> post about the arrest of the founder of Freedom Hosting, some websites on .onion domains (<a href=\"http:\/\/ru.wikipedia.org\/wiki\/.onion\">Tor domains<\/a>) hosted by \"Freedom Hosting\" came under attack. This involves a compromise of the web server software, which injects a special IFRAME into web pages. 
After <a href=\"http:\/\/www.reddit.com\/r\/onions\/comments\/1jmrta\/founder_of_the_freedom_hosting_arrested_held\/\">opening<\/a> such a page and activating the IFRAME, the user is redirected to an exploit kit, which delivers a special JavaScript (a heap spraying exploit) that exploits an unpatched vulnerability in the Mozilla Firefox browser, version 17 (which is current for the Tor Browser Bundle). 
The malicious script is described <a href=\"http:\/\/pastebin.mozilla.org\/2777139\">here<\/a>.<\/p>\n<p>  <a href=\"https:\/\/blog.torproject.org\/blog\/hidden-services-current-events-and-freedom-hosting\">https:\/\/blog.torproject.org\/blog\/hidden-services-current-events-and-freedom-hosting<\/a><\/p>\n<blockquote><p>The person, or persons, who run Freedom Hosting are in no way affiliated or connected to The Tor Project, Inc., the organization coordinating the development of the Tor software and research. In the past, adversarial organizations have skipped trying to break Tor hidden services and instead attacked the software running at the server behind the dot onion address. Exploits for PHP, Apache, MySQL, and other software are far more common than exploits for Tor. <b>The current news indicates that someone has exploited the software behind Freedom Hosting. From what is known so far, the breach was used to configure the server in a way that it injects some sort of javascript exploit in the web pages delivered to users. This exploit is used to load a malware payload to infect user&#8217;s computers. 
The malware payload could be trying to exploit potential bugs in Firefox 17 ESR, on which our Tor Browser is based.<\/b> We&#8217;re investigating these bugs and will fix them if we can.<\/p><\/blockquote>\n<p>  <img decoding=\"async\" src=\"http:\/\/habrastorage.org\/storage2\/dd5\/812\/2da\/dd58122da4ac9c6a7daa1951fff8f075.jpg\"\/><\/p>\n<p>  <a name=\"habracut\"><\/a>To link the IFRAME to the exploit kit's web page, a special UUID is used, which is assigned to the \"client\" that was sent the IFRAME.<\/p>\n<p>  <img decoding=\"async\" src=\"http:\/\/habrastorage.org\/storage2\/7bf\/24d\/ca6\/7bf24dca69be7eb8bc0c8652c601c8ad.jpg\"\/><\/p>\n<p>  It should be <a href=\"http:\/\/www.sfgate.com\/local\/article\/FBI-shared-child-porn-to-nab-pedophiles-4552044.php\">noted<\/a> that after the raid on the \"Freedom Hosting\" servers, the FBI left the sites with content for pedophiles running, 
in order to identify as many of its users as possible. Even though such resources use .onion domains (i.e. Tor network domains, whose physical location is very hard to establish), specialists worked out the location of the hosting company's servers. 
Artifacts confirming the use of FBI servers in this attack were found in the JS exploit.<\/p>\n<p>  <img decoding=\"async\" src=\"http:\/\/habrastorage.org\/storage2\/937\/c5e\/9bf\/937c5e9bf185e4a0237e35a038bb2cc1.jpg\"\/>    \t<\/p>\n<div class=\"clear\"><\/div>\n<\/p><\/div>\n<p> Link to the original article: <a href=\"http:\/\/habrahabr.ru\/company\/eset\/blog\/188974\/\"> http:\/\/habrahabr.ru\/company\/eset\/blog\/188974\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<div class=\"content html_format\">   \tAs already noted in the <a href=\"http:\/\/habrahabr.ru\/post\/188914\/\">previous<\/a> post about the arrest of the founder of Freedom Hosting, some websites on .onion domains (<a href=\"http:\/\/ru.wikipedia.org\/wiki\/.onion\">Tor domains<\/a>) hosted by \"Freedom Hosting\" came under 
attack. This involves a compromise of the web server software, which injects a special IFRAME into web pages. After <a href=\"http:\/\/www.reddit.com\/r\/onions\/comments\/1jmrta\/founder_of_the_freedom_hosting_arrested_held\/\">opening<\/a> such a page and activating the IFRAME, the user is redirected to an exploit kit, which delivers a special JavaScript (a heap spraying exploit) that exploits an unpatched vulnerability in the Mozilla Firefox browser, version 17 (which is current for the Tor Browser Bundle). 
The malicious script is described <a href=\"http:\/\/pastebin.mozilla.org\/2777139\">here<\/a>.<\/p>\n<p>  <a href=\"https:\/\/blog.torproject.org\/blog\/hidden-services-current-events-and-freedom-hosting\">https:\/\/blog.torproject.org\/blog\/hidden-services-current-events-and-freedom-hosting<\/a><\/p>\n<blockquote><p>The person, or persons, who run Freedom Hosting are in no way affiliated or connected to The Tor Project, Inc., the organization coordinating the development of the Tor software and research. In the past, adversarial organizations have skipped trying to break Tor hidden services and instead attacked the software running at the server behind the dot onion address. Exploits for PHP, Apache, MySQL, and other software are far more common than exploits for Tor. <b>The current news indicates that someone has exploited the software behind Freedom Hosting. From what is known so far, the breach was used to configure the server in a way that it injects some sort of javascript exploit in the web pages delivered to users. This exploit is used to load a malware payload to infect user&#8217;s computers. 
The malware payload could be trying to exploit potential bugs in Firefox 17 ESR, on which our Tor Browser is based.<\/b> We&#8217;re investigating these bugs and will fix them if we can.<\/p><\/blockquote>\n<p>  <img decoding=\"async\" src=\"http:\/\/habrastorage.org\/storage2\/dd5\/812\/2da\/dd58122da4ac9c6a7daa1951fff8f075.jpg\"\/><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-188974","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts\/188974","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=188974"}],"version-history":[{"count":0,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts\/188974\/revisions"}],"wp:attachment":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=188974"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=188974"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=188974"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}