
Tor

Boffins follow TOR breadcrumbs to identify users

posted on September 2, 2013
by l33tdawg

It's easier to identify TOR users than they believe, according to research published by a group of researchers from Georgetown University and the US Naval Research Laboratory (USNRL).

Their paper, Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries, is to be presented in November at the Conference on Computer and Communications Security (CCS) in Berlin. While it's been published at the personal page of lead author Aaron Johnson of the NRL, it remained under the radar until someone posted a copy to Cryptome.

FBI Tor exploit appears on Metasploit penetration tester forum

posted on August 9, 2013
by l33tdawg

A Tor exploit purporting to be one used by the FBI in a recent child pornography bust has been released on the Metasploit penetration tester forum.

The exploit was posted by Metasploit user sinn3r who claimed to have found it during a joint cyber forensics operation at the Defcon hacker conference mere hours after word of its use broke.

Questions over Tor exploit link to US Govt

posted on August 8, 2013
by l33tdawg

Links between an exploit targeting users of the Tor network and US spy and law enforcement agencies should now be considered tenuous, researchers say.

The attack involved a JavaScript exploit targeting an old version of Firefox then commonly used in the Tor Browser Bundle. It served to identify the IP addresses of vulnerable users and tie them to the Freedom Hosting Tor Hidden Services they were visiting.

TOR Project: Stop using Windows, disable JavaScript

posted on August 6, 2013
by l33tdawg

The TOR Project is advising that people stop using Windows after the discovery of a startling vulnerability in Firefox that undermined the main advantages of the privacy-centered network.

The zero-day vulnerability allowed as-yet-unknown interlopers to use a malicious piece of JavaScript to collect crucial identifying information on computers visiting some websites using The Onion Router (TOR) network.

Alleged Tor hidden service operator busted for child porn distribution

posted on August 4, 2013
by l33tdawg

On Friday, Eric Eoin Marques, a 28-year-old Dublin resident, was arrested on a warrant from the US on charges that he is, in the words of an FBI agent to an Irish court, "the largest facilitator of child porn on the planet." The arrest coincides with the disappearance of a vast number of "hidden services" hosted on Tor, the anonymizing encrypted network.

How to turn a Raspberry Pi into a portable Tor proxy (Onion Pi)

posted on June 18, 2013
by l33tdawg

We all know that Prism is most likely just the tip of the snooping iceberg. While some of us may run Tor on our PC or Mac, there may be times when we are working on a device that is not our own, or perhaps even a Chromebook, tablet or phone.

Enter the stalwart Raspberry Pi, which can be transformed into a portable Tor device for browsing on the go.

Japanese police ask ISPs to start blocking Tor

posted on April 22, 2013
by l33tdawg

Authorities in Japan are so worried about their inability to tackle cybercrime that they are asking the country's ISPs to block the use of Tor.

According to The Mainichi, the National Police Agency (NPA, a bit like the Japanese FBI) is going to urge ISPs to block customers if they are found to have "abused" Tor online. Since Tor anonymizes traffic, that can be read as a presumption of guilt on anyone who anonymizes their Web activity.

Devs cook up 'leakproof' all-Tor untrackable platform

posted on November 13, 2012
by l33tdawg

Developers are brewing an anonymous general purpose computing platform, dubbed Whonix.

Whonix is designed to ensure that applications (such as Flash and Java etc) can only connect through Tor. The design goal, at least, is that direct connections (leaks) ought to be impossible. "This is the only way we know of that can reliably protect your anonymity from client application vulnerabilities and IP/DNS and protocol leaks," the developers explain.

Security issue discovered in TOR client

posted on November 8, 2012
by l33tdawg

There is no fragment in program code where you cannot make mistakes. You may actually make them in very simple fragments. While programmers have worked out the habit of testing algorithms, data exchange mechanisms and interfaces, it's much worse concerning security testing. It is often implemented on the leftover principle. A programmer is thinking: "I just write a couple of lines now, and everything will be ok. And I don't even need to test it. The code is too simple to make a mistake there!". That's not right.