![]() ![]() "Really, switching away from Windows is probably a good security move for many reasons," he wrote. It appears that TBB users on Linux and OS X, as well as users of LiveCD systems like Tails, were not exploited by this attack," wrote Dingledine.ĭingledine suggested that users consider switching to a "live operating system" approach, such as Tails, or at least dumping Windows. "To be clear, while the Firefox vulnerability is cross-platform, the attack code is Windows-specific. Notably, the vulnerability affects only Windows users, according to Tor Project. We don't currently believe that the attack modifies anything on the victim computer." "The attack appears to have been injected into (or by) various Tor hidden services, and it's reasonable to conclude that the attacker now has a list of vulnerable Tor users who visited those hidden services. However, the observed version of the attack appears to collect the host name and MAC address of the victim computer, send that to a remote webserver over a non-Tor connection, and then crash or exit," according to Tor project leader Roger Dingledine. "The vulnerability allows arbitrary code execution, so an attacker could in principle take over the victim's computer. Similarly, the Tor Project advised that users of the Tor Browser Bundle, which includes Firefox plus privacy patches, to update to one of the following versions: 2.3.25-10 (released June 26, 2013), 2.4.15-alpha-1 (released June 26, 2013), 2.4.15-beta-1 (released July 8, 2013), or 3.0alpha2 (released June 30, 2013.) Mozilla recommended that Firefox ensure their browsers are up to date. The attackers are exploiting a vulnerability in Firefox 17.0.7 ESR (Extended Support Release), for which Mozilla issued a patch last year. Marques is a dual citizen of the United States and Ireland and currently resides overseas. Eric Eoin Marques, who is allegedly behind Freedom Hosting, faces extradition later this week in a Dublin high court for distributing and promoting child abuse material online. Freedom Hosting went offline over the weekend. Software developers use the network to create new communication tools with built-in privacy features other organizations use the serve to conduct confidential business, both legal and illicit.Īnalysts have linked the attacks to the shutdown of Freedom Hosting, a purveyor of secret services for sharing child pornography. Tor directs Internet traffic through a worldwide volunteer network of 3,000-plus relays to conceal user location or usage. Tor is a network of virtual tunnels through which users can share information anonymously. ![]() ![]() Various reports have linked the attack to Federal agencies, possibly as part of a crackdown on Freedom Hosting for alleged distribution of child pornography. ![]() Then simply open the folder and click to start Tor Browser.Users running the Firefox-based Tor Browser Bundle for Windows are being targeted by an attack that lets the perpetrator snag victims' host names and MAC addresses or even take over their systems, according to the official Tor Project blog.Execute the file you downloaded to extract the Tor Browser into a folder on your computer (or pendrive).It is very easy and similar to using a normal browser: Thus, as a whistleblower, in order to protect your anonymity, you must first download and install the Tor Browser. If you have concerns about your traceability and you choose to submit your information in total anonymity, you will be using a submission system that is entirely based on the use of Tor technology, which is already integrated into our platform. WildLeaks has implemented a Tor-based secure platform in order to allow our sources to stay anonymous and to submit sensitive information in the most secure way possible, always encrypted, in respect to data transmission and management. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |