If you write a simple Flash program that opens a socket to a remote server, you can embed that on a site and use it to identify certain people running through Tor or any other SOCKS/HTTP proxy. It will only catch people who have configured their proxy very poorly. This has been known for well over a decade and it just catches the low-hanging fruit; it's really not an innovative tactic, you can find it on all sorts of sites. If you use the Tor Browser Bundle, it will route Flash through Tor so you're immune.
However, during Operation Torpedo, the FBI deployed an "implant" on Freedom Hosting's servers which was an exploit for CVE-2013-1690, a vulnerability in Firefox. Wasn't a 0-day, but a lot of people using TBB had not patched yet. This was just some JavaScript which executed a small bit of Windows shellcode, sending each victim's IP address, MAC address, and a serial number to an FBI-controlled server. The only way to be safe from this was with an updated Firefox version, and/or running NoScript.
>>It will only catch people who have configured their proxy very poorly.
To add to this, in Firefox if you use this: http://i.imgur.com/ajT98xC.png , Flash does not obey it. I kinda think Mozilla should put some kind of warning text on this dialog window to warn users that it doesn't apply to Flash, Silverlight or any plugins. This surprised me at first but it makes sense if you think about it. You really have to do a system-wide VPN type thing. Something like this: https://github.com/apenwarr/sshuttle will actually tunnel everything on your PC.
Careful, sshuttle doesn't route UDP, and by default does not route DNS requests either.
For Firefox, I don't think they should bother anyway, the world is killing Flash, if you want to be anonymous on the internet use NoScript and don't install Flash in the first place.
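An added example, not part of any comment in this thread: a check over `ss -tunp` output that flags sockets opened by a browser or its plugin process that do not terminate at the local proxy, including the UDP/DNS case mentioned above. The proxy ports, the watched process names and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: the local proxy listens on loopback on one of these ports
# (9050 is the usual tor daemon SOCKS port, 9150 the Tor Browser one).
PROXY_PORTS = {9050, 9150}
# Assumption: process names whose traffic is expected to go through the proxy.
WATCHED = {"firefox", "plugin-container"}

# Constructed sample in the layout of `ss -tunp` (documentation addresses only).
SAMPLE = """\
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp ESTAB 0 0 127.0.0.1:51514 127.0.0.1:9150 users:(("firefox",pid=2211,fd=58))
tcp ESTAB 0 0 192.168.1.20:40112 203.0.113.7:5222 users:(("plugin-container",pid=2290,fd=12))
udp ESTAB 0 0 192.168.1.20:53811 192.0.2.53:53 users:(("firefox",pid=2211,fd=71))
tcp ESTAB 0 0 192.168.1.20:22 198.51.100.4:50022 users:(("sshd",pid=801,fd=4))
"""

PROC_RE = re.compile(r'\(\("([^"]+)",pid=(\d+)')


def find_leaks(ss_output):
    """Return (proto, process, pid, peer) for watched sockets that bypass the proxy."""
    leaks = []
    for line in ss_output.splitlines()[1:]:            # skip the header row
        fields = line.split()
        if len(fields) < 7:
            continue
        proto, peer = fields[0], fields[5]
        m = PROC_RE.search(" ".join(fields[6:]))
        if not m or m.group(1) not in WATCHED:
            continue
        host, _, port = peer.rpartition(":")
        try:
            ip = ipaddress.ip_address(host.strip("[]"))
        except ValueError:                             # e.g. "*" on an unconnected socket
            continue
        # Only a TCP connection to the loopback proxy port counts as proxied;
        # any UDP socket (DNS included) or direct TCP peer is reported.
        via_proxy = proto == "tcp" and ip.is_loopback and int(port) in PROXY_PORTS
        if not via_proxy:
            leaks.append((proto, m.group(1), int(m.group(2)), peer))
    return leaks


if __name__ == "__main__":
    for leak in find_leaks(SAMPLE):
        print("direct socket:", *leak)
```
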
Hmmmmmm..... So from what I gather here, if the ActionScript is using the regular getURL[1], that call is passed to the browser and will be proxied. But if Flash tries to open up a raw socket[2] on its own, it won't know about the proxy and will just fail (or reveal your true IP).
Interesting to me though is that that article seems to imply that if you are after an Onion server you only need one "idiot" using it in order to unmask it. By compromising that user, their compromised system will get you information about the server. Or did I misread what they were implying?
You're misreading it. They already had a guy at the web hotel. The injected code unmasked the visitors, allowing the FBI to go out and arrest them along with taking down the site itself.
According to the article, Operation Torpedo happened one year earlier than the Freedom Hosting hack. I don't think we have seen the results of the latter yet.
The Freedom Hosting event was over 1.5 years ago. I'm starting to wonder if there was some procedural / legal issue with that operation. I don't know what would delay the investigation this long otherwise.