Authorities in Japan are so worried about their inability to tackle cybercrime that they are asking the country's ISPs to block the use of Tor.
According to The Mainichi, the National Police Agency (NPA, a bit like the Japanese FBI) is going to urge ISPs to block customers if they are found to have "abused" Tor online. Since Tor anonymizes traffic, that can be read as a presumption of guilt on anyone who anonymizes their Web activity.
Developers are brewing an anonymous general purpose computing platform, dubbed Whonix.
Whonix is designed to ensure that applications (such as Flash and Java etc) can only connect through Tor. The design goal, at least, is that direct connections (leaks) ought to be impossible. "This is the only way we know of that can reliably protect your anonymity from client application vulnerabilities and IP/DNS and protocol leaks," the developers explain.
There is no fragment in program code where you cannot make mistakes. You may actually make them in very simple fragments. While programmers have worked out the habit of testing algorithms, data exchange mechanisms and interfaces, it's much worse concerning security testing. It is often implemented on the leftover principle. A programmer is thinking: "I just write a couple of lines now, and everything will be ok. And I don't even need to test it. The code is too simple to make a mistake there!". That's not right.
Security researchers from German antivirus vendor G Data Software have identified a botnet that is controlled by attackers from an Internet Relay Chat (IRC) server running as a hidden service inside the Tor anonymity network.
This strategy offers several advantages to the botnet's operators, but also some disadvantages, the G Data researchers said Monday in a blog post.
LastPass has added two new security features to its popular online password management system; access via TOR (The Onion Router) has been disabled and users can now limit logins to specific countries.
Premium users of the system can already enable two-factor authentication (or limit access to specific computers) as well as increase SHA-256 iterations to confuse brute-forcing of passwords but the company hopes that outlawing access via the anonymising TOR system will cut off another avenue of attack.