The anonymizing network gives some advice following a startling Firefox zero-day vulnerability
IDG News Service - The TOR Project is advising that people stop using Windows after the discovery of a startling vulnerability in Firefox that undermined the main advantages of the privacy-centered network.
"Really, switching away from Windows is probably a good security move for many reasons," according to a security advisory posted Monday by The TOR Project.
People using Linux and OS X were not affected, but that doesn't mean they couldn't be targeted in the future. "This wasn't the first Firefox vulnerability, nor will it be the last," The TOR Project warned.
"This exploit doesn't look like general purpose malware; it looks targeted specifically to unmask Tor Browser Bundle users without actually installing any backdoors on their host," said Vlad Tsyrklevich, a security researcher who analyzed the code, in an email. He published an analysis on his website.
The vulnerability was patched by Mozilla in later versions of Firefox, but some people may still be using the older versions of the TOR Browser Bundle. The bundle's browser, based on Firefox, is specially configured to visit TOR sites, which have URLs that look like "http://idnxcnkne4qt76tg.onion/."
Requests to websites on TOR take a circuitous route through a network of servers around the world designed to obscure a computer's IP address and other networking information that makes it easier to link a computer to a user.
Several TOR Browser Bundle versions were fixed over a four-day period starting June 26. Although the Browser Bundle will automatically check for a new version, it is possible that some users didn't upgrade, which could have put them at risk.
- Gartner Magic Quadrant for Client Management Tools The client management tool market is maturing and evolving to adapt to consumerization, desktop virtualization, and an ongoing need to improve efficiency.
- Path Selection Infographic Path Selection Infographic
- Hyperconvergence Infographic A wide range of observers agree that data centers are now entering an era of "hyperconvergence" that will raise network traffic levels faster...
- Preparing Your Infrastructure for the Hyperconvergence Era From cloud computing and virtualization to mobility and unified communications, an array of innovative technologies is transforming today's data centers.
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users? All Desktop Apps White Papers | Webcasts