TOX, get out now

[The CaT]

it was compromised

even over TOR

 

[Wolverine]

it was comprimised

how? maybe some more information?

 

[The CaT]

how? maybe some more information?

ok

give your tox here

no comment anymore

just FYI

 

[ALPAN]

give your tox here

Забавно даже
- Токс был скомпроментирован
- Как ?
- Оставь свой токс

 

[DarkToken]

you mean the 0day shared about tox last month or what do you mean ?!

 

[loren4]

never used that shit

 

[achillesec]

never used that shit

most of members use it , some stop using it just after the 0day shared here , tox was good way to contact other members ..
do you have any option better than tox ?!

 

[admin]

it was compromised

even over TOR

Please, add more tech details, if you open such thread. Otherwise it looks like hidden advertising.

 

[socket]

This just want to make hype!

 

[bratva]

Tox is a protocol, there are at least few different clients working with different platforms: qTox (Linux, FreeBSD, OS X, Windows), aTox (Android), Toxic (Linux, FreeBSD, OpenBSD, DragonflyBSD, NetBSD, Solaris, macOS, Android), TRIfA (Android).

All listed have had updates at least once this year but qTox rep is archived now. If the problem is with one client: then you can still deal w Tox (isolated in virtual evironment) because I doubt that this issue is multi-platform (e.g. RCE from this thread was supposedly only for Windows qTox). But if the problem is with protocol then it is critical and we all appreciate is you can share more information (here or privately).

Thank you!

 

[achillesec]

Tox is a protocol, there are at least few different clients working with different platforms: qTox (Linux, FreeBSD, OS X, Windows), aTox (Android), Toxic (Linux, FreeBSD, OpenBSD, DragonflyBSD, NetBSD, Solaris, macOS, Android), TRIfA (Android).

All listed have had updates at least once this year but qTox rep is archived now. If the problem is with one client: then you can still deal w Tox (isolated in virtual evironment) because I doubt that this issue is multi-platform (e.g. RCE from this thread was supposedly only for Windows qTox). But if the problem is with protocol then it is critical and we all appreciate is you can share more information (here or privately).

Thank you!

the RCE from the old post here in xss it's about windows , but the problem is if they can devlop the vulnerability to work with others or even if you suggest isolated the windows in virtual eviromnet there is another problem " getting the real location + seeing what are you doing using tox " when they get insid the VM

 

[bratva]

seeing what are you doing using tox " when they get insid the VM

If all noise is only about exposing ip-address of TOX-contact - then it is not so interesting (at least for me, as I always keep this risk in my mind with any kind of online-activity) but what are you writing now - e.g. exploitation of VM thru TOX (supposedly protocol) - that is a way more interesting; as I do not see (for this moment) any kind of possible technical realisation to make a universal exploit to all platforms and clients. May be I'm wrong, if I'm wrong it means that PoC will be public quite soon

 

[achillesec]

that is a way more interesting; as I do not see (for this moment) any kind of possible technical realisation to make a universal exploit to all platforms and clients.

it's not about exploit for all platforms it's about if they want to play the game for long term they can know ! with good social engineering like paying him for his service and make him trust them , the platform he use for tox it's will be to normal for him to share , I did see people wors than that sharing things you can't even imagin

 

[achillesec]

If all noise is only about exposing ip-address of TOX-contact - then it is not so interesting (at least for me, as I always keep this risk in my mind with any kind of online-activity)

Also not all members has the book of rules you have to be anon , you are to old in this field with better experience and when you be old in this field you will be more serious about OPSEC

 

[loren4]

most of members use it , some stop using it just after the 0day shared here , tox was good way to contact other members ..
do you have any option better than tox ?!

I know that most of the members use it, but not me. I used Jabber before, now I use forum PM or Telegram. But yeah Telegram is not a good option, but it is several times better than Tox.

 

[achillesec]

I know that most of the members use it, but not me. I used Jabber before, now I use forum PM or Telegram. But yeah Telegram is not a good option, but it is several times better than Tox.

Telegram is to wors than you can even imagin my friend , jabber is better at this moment , or you can use Tox following what bratva said " meaning using tox with more securty options "

 

[netu7777777]

Telegram is to wors than you can even imagin my friend , jabber is better at this moment , or you can use Tox following what bratva said " meaning using tox with more securty options "

what about telegram over the TOR?

 

[achillesec]

what about telegram over the TOR?

even with tor still useless , if you are doing somthing serious with hacking and using something like telegram this to bad , but just talking and selling something like database etc , i dont think big agencies will care about that ( I mean telegram is to secure for third world countries agencies not the big ones )

 

[PlagueMalware]

Anything serious you should have your own custom hidden service only known to you and collaborators. Other than that, use TOX in a VM

 

[churk]

it was compromised

even over TOR

qTox client was compromised
Not Tox as protocol

That is, for example, same as saying Pidgin was compromised. But jabber as protocol was not, and other client are safe to use

Idk how more simply to explain you