Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Tor project. Show all posts
Web browsing
Internet Privacy Tor project VPN Web browsing

Tor Project Assures Users It's Safe Amid Controversy of Deanonymizing Users

Tor Project Assures Users It' Safe Amid Controversy of Deanonymizing Users

Tor Project, A Privacy Tool

Tor is a privacy software used for keeping your identity secret by rerouting your web traffic through several nodes (computers) worldwide, which makes it difficult to track where the user traffic is coming from. In a change of events, an investigative report warned that law enforcement from Germany and across the have collaborated to deanonymize users via timing attacks. 

The Tor project, however, is trying to assure users that the network is still safe. The team behind Tor assures proper measures are followed for users using the latest versions, stressing that timing attacks is an old technique and solutions can mitigate it.

Catching Child Abusers Using Tor

Known for its privacy services, Tor is generally used by journalists and activists while communicating with sources to avoid censorship in countries that curb press freedom. The project boasts a long list of genuine users, but because of its secrecy, threat actors also use Tor to host illegal marketplaces and avoid law enforcement.

German portal Panorama has issued an investigative that says court documents revealed that law agencies use timing analysis attacks via Tor nodes in large numbers to track and arrest the main culprits behind the child abuse platform “Boystown.”

In the Tor timing attack, the users are deanonymized without abusing any vulnerabilities in the tool, the focus is on noticing the timing of data entering and exiting the network.

If the threat actor is controlling the Tor nodes or tracking exit and entry points, they can compare the entry and exit time data, and in case of a match, use the data to trace the traffick back to a particular user.

If the attacker controls some of the Tor nodes or is monitoring the entry and exit points, they can compare the timing of when data enters and leaves the network, and if they match, they can trace the traffic back to a particular person.

Tor’s Reply 

The Tor Project is not happy about not getting access to the court documents that can help them understand and verify security-related questions. “We need more details about this case. In the absence of facts, it is hard for us to issue any official guidance or responsible disclosures to the Tor community, relay operators, and users,” reads the Tor statement.

Read more »
Tor project
Bug Cyber Security IP addresses JavaScript exploit Security Software Tor project

Tor Browser Bug Executes Uncalled for JavaScript Codes!


The well-known Tor is allegedly experiencing some kind of bug in its mechanism. It has hence warned the users to stay vigilant as regards to the “Tor Browser Bug”, which runs JavaScript codes on various unexpected sites.

Tor (originally Team Onion Router) is a free and open-source software which chiefly works on allowing anonymous communication to users.

Reportedly, the team has been working on a solution and would roll it out as soon as it is done, but there isn’t a particular time to expect it.

One of the most critical features for the security of the Tor Browser Bundle (TBB) happens to be the ability to block the code execution of the JavaScript, mention sources.

TBB is a browser that has a set of superior privacy features majorly for concealing real IP addresses to maintain the anonymity of online users and their devices’ locations.

Owing to these features, the browser has become a go-to for the working people, especially the journalists, citizens of repressive countries and people with political agendas because after all, it is a great instrument to dodge online censorship and firewalls.

People who are against the anonymity of the users and just can’t let things be, have in the past tried several times to expose Tor Browser users’ actual IP addresses via exploits that functioned on JavaScript code.

Sources cite that while few attempts of the better nature have been successfully employed to track down criminals, others were pretty strangely executed.

And then recently, a bug was discovered in the much appreciated TBB’s security mechanism. When the browser was set to allow the use of the most supreme security level and still permitted the execution of the JavaScript code when instead it should have barred it.

It is a relief that the team of Tor is well aware of the bug and is, with dedication working towards developing a patch for it. Per sources, they also mentioned that if a user requires to “Block JavaScript” they could always disable it entirely.

As per reports, the procedure for doing the above-mentioned is to open the “about config” and search for “javascript.enabled”. If here the “Value” column mentions “false” it means that the JavaScript is disabled and if it mentions “true” then right-click to select “Toggle” or double click on the row to disable it.

Read more »
Subscribe to: Posts (Atom)