The anonymizing network gives some advice following a startling Firefox zero-day vulnerability
IDG News Service - The TOR Project is advising that people stop using Windows after the discovery of a startling vulnerability in Firefox that undermined the main advantages of the privacy-centered network.
"Really, switching away from Windows is probably a good security move for many reasons," according to a security advisory posted Monday by The TOR Project.
People using Linux and OS X were not affected, but that doesn't mean they couldn't be targeted in the future. "This wasn't the first Firefox vulnerability, nor will it be the last," The TOR Project warned.
"This exploit doesn't look like general purpose malware; it looks targeted specifically to unmask Tor Browser Bundle users without actually installing any backdoors on their host," said Vlad Tsyrklevich, a security researcher who analyzed the code, in an email. He published an analysis on his website.
The vulnerability was patched by Mozilla in later versions of Firefox, but some people may still be using the older versions of the TOR Browser Bundle. The bundle's browser, based on Firefox, is specially configured to visit TOR sites, which have URLs that look like "http://idnxcnkne4qt76tg.onion/."
Requests to websites on TOR take a circuitous route through a network of servers around the world designed to obscure a computer's IP address and other networking information that makes it easier to link a computer to a user.
Several TOR Browser Bundle versions were fixed over a four-day period starting June 26. Although the Browser Bundle will automatically check for a new version, it is possible that some users didn't upgrade, which could have put them at risk.
- The Business Value of Continuous Delivery Download this whitepaper to learn more about the business value of Continuous Delivery and see why it could be a game changer for...
- Ten Factors Shaping the Future of Application Delivery Download this research report conducted by Enterprise Management Associates (EMA) to learn how those that are seeking to accelerate application delivery are leveraging...
- HTTP Status Code Cheat Sheet Look at the Graph, Find the Code and Boom - You're Solving Problems. Identifying and understanding common HTTP status codes can go a...
- Architects lead the next generation of data-driven applications Read this whitepaper to find out how application architects can quickly and confidently deliver long-lasting applications that minimize cost, complexity, and risk while...
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their... All Desktop Apps White Papers | Webcasts