tor browser | The Tor Blog | Futurist Transhuman News Blog

In May, the Open Technology Fund commissioned iSEC Partners to study current and future hardening options for the Tor Browser. The Open Technology Fund is the primary funder of Tor Browser development, and it commissions security analysis and review for all of the projects that it funds as a standard practice. We worked with iSEC to define the scope of the engagement to focus on the following six main areas:

The complete report is available in the iSEC publications github repo. All tickets related to the report can be found using the tbb-isec-report keyword. General Tor Browser security tickets can be found using the tbb-security keyword.

The report had the following high-level findings and recommendations.

Due to our use of cross-compilation and non-standard toolchains in our reproducible build system, several hardening features have ended up disabled. We have known about the Windows issues prior to this report, and should have a fix for them soon. However, the MacOS issues are news to us, and appear to require that we build 64 bit versions of the Tor Browser for full support. The parent ticket for all basic hardening issues in Tor Browser is bug #10065.

iSEC recommended that we find a sponsor to fund a Pwn2Own reward for bugs specific to Tor Browser in a semi-hardened configuration. We are very interested in this idea and would love to talk with anyone willing to sponsor us in this competition, but we're not yet certain that our hardening options will have stabilized with enough lead time for the 2015 contest next March.

The Microsoft Enhanced Mitigation Experience Toolkit is an optional toolkit that Windows users can run to further harden Tor Browser against exploitation. We've created bug #12820 for this analysis.

PartitionAlloc is a memory allocator designed by Google specifically to mitigate common heap-based vulnerabilities by hardening free lists, creating partitioned allocation regions, and using guard pages to protect metadata and partitions. Its basic hardening features can be picked up by using it as a simple malloc replacement library (as ctmalloc). Bug #10281 tracks this work.

The iSEC vulnerability review found that the overwhelming majority of vulnerabilities to date in Firefox were use-after-free, followed closely by general heap corruption. In order to mitigate these vulnerabilities, we would need to make use of the heap partitioning features of PartitionAlloc to actually ensure that allocations are partitioned (for example, by using the existing tags from Firefox's about:memory). We will also investigate enabling assertions in limited areas of the codebase, such as the refcounting system, the JIT and the Javascript engine.

A large portion of the report was also focused on analyzing historical Firefox vulnerability data and other sources of large vulnerability surface for a planned "Security Slider" UI in Tor Browser.

The Security Slider was first suggested by Roger Dingledine as a way to make it easy for users to trade off between functionality and security, gradually disabling features ranked by both vulnerability count and web prevalence/usability impact.

Original post:

tor browser | The Tor Blog

Tor - Official Site - April 26th, 2014 [April 26th, 2014]
Tor Browser (M-S0FT) - Video - April 26th, 2014 [April 26th, 2014]
Downloading torrents in utorrent using tor browser - Video - April 27th, 2014 [April 27th, 2014]
Tor Browser installieren [Tutorial deutsch] - Video - May 1st, 2014 [May 1st, 2014]
TOR BROWSER KURULUM+KULLANIM - Video - May 1st, 2014 [May 1st, 2014]
tor browser descargar e instalar - Video - May 1st, 2014 [May 1st, 2014]
Entering the Deep Web-Deep Web Url link (2014) - Video - May 6th, 2014 [May 6th, 2014]
Red Onion Tor Browser for iPhone - Video - May 10th, 2014 [May 10th, 2014]
working referral link to agora hidden market place -new url ( onion site ) - Video - May 12th, 2014 [May 12th, 2014]
Tor Browser Free Download/Install|Free Latest Version|64/32 bit Windows|2014 - Video - May 18th, 2014 [May 18th, 2014]
how to install TOR Browser On LINUX - Video - May 18th, 2014 [May 18th, 2014]
Grams Darknet black market search engine demo - Video - May 18th, 2014 [May 18th, 2014]
How to Install the New Tor Browser in Kali Linux - Video - May 18th, 2014 [May 18th, 2014]
How to download and use Tor browser [4K] - Video - May 20th, 2014 [May 20th, 2014]
Free App Lets the Next Snowden Send Big Files Securely and Anonymously - May 22nd, 2014 [May 22nd, 2014]
How to get free 7 day trials for XBL works as of May 2014 - Video - May 23rd, 2014 [May 23rd, 2014]
Free Access to Deep Web (HIdden Wikki)(Tor Browser)-free 2014 - Video - May 27th, 2014 [May 27th, 2014]
Federal Cybersecurity Director Found Guilty on Child Porn Charges - August 31st, 2014 [August 31st, 2014]
Cybersecurity official uses Tor but still gets caught with child porn - August 31st, 2014 [August 31st, 2014]
Softonic - Tor Browser - Download - August 31st, 2014 [August 31st, 2014]
What is the Tor Browser? - Tor Project: Anonymity Online - August 31st, 2014 [August 31st, 2014]
Tor Browser - Problem Connecting? - August 31st, 2014 [August 31st, 2014]
Review: Tor Browser Bundle lets you browse in anonymity ... - August 31st, 2014 [August 31st, 2014]
Guide to using the Tor Browser Bundle for secure communication - Video - August 31st, 2014 [August 31st, 2014]
Hack-Bypass Hotspot (Mikrotik) With Tor Browser - Video - September 3rd, 2014 [September 3rd, 2014]
Using tor-browser on ubuntu 14.04 LTS - Video - September 7th, 2014 [September 7th, 2014]
Download Tor Browser Bundle 3 6 5 For Win, Mac, Linux - Video - September 8th, 2014 [September 8th, 2014]
Browse Anonymously, Browse Safely - The App Center - September 11th, 2014 [September 11th, 2014]
Tor browser NOT SAFE without this quick step - Video - September 12th, 2014 [September 12th, 2014]
Tor Browser for iOS - Free download and software reviews ... - September 14th, 2014 [September 14th, 2014]
Comcast Denies It Will Cut Off Customers Who Use Tor, The Web Browser For Criminals (CMCSA) - September 15th, 2014 [September 15th, 2014]
Comcast calls rumor that it disconnects Tor users wildly inaccurate - September 15th, 2014 [September 15th, 2014]
Why a thinly sourced, unverified report about Comcast has the Web in an uproar - September 16th, 2014 [September 16th, 2014]
Drier: Is Comcast really blocking anonymous Internet browser Tor? - September 19th, 2014 [September 19th, 2014]
Guns, drugs and freedom: the great dark net debate - September 19th, 2014 [September 19th, 2014]
Download and Install Tor Browser Bundle - Video - September 24th, 2014 [September 24th, 2014]
install tor browser for kali linux 1.0.9 - Video - September 27th, 2014 [September 27th, 2014]
TOR Browser: Safe to use 2014? - Yahoo Answers - September 28th, 2014 [September 28th, 2014]
Alex Jones Interviews Creator of TOR Browser- Infowars September 2014 - Video - September 28th, 2014 [September 28th, 2014]
Tor Executive Director Hints At Firefox Integration - September 30th, 2014 [September 30th, 2014]
Dreaming of a Tor Button for Firefox - September 30th, 2014 [September 30th, 2014]
Install tor browser on kali linux - Video - September 30th, 2014 [September 30th, 2014]
How to install TOR browser bundle on sparkylinux 32bit - Video - September 30th, 2014 [September 30th, 2014]
Firefox could be adding built-in Tor support for improved private browsing - October 2nd, 2014 [October 2nd, 2014]
Tor Browser Bundle: Download & Start - Tutorial deutsch - Video - October 3rd, 2014 [October 3rd, 2014]
With This Tiny Box, You Can Anonymize Everything You Do Online - October 13th, 2014 [October 13th, 2014]
Tor Browser Cheat TankPit - Video - October 13th, 2014 [October 13th, 2014]
Anonabox Promises Total Online Anonymity That's Easy, Open Source, and Cheap - October 14th, 2014 [October 14th, 2014]
This tiny box anonymises all your online actions - October 14th, 2014 [October 14th, 2014]
Anonabox promises a portable, streamlined way to use Tor to hide your online tracks - October 14th, 2014 [October 14th, 2014]
Investors flock to tiny device that promises online anonymity - October 16th, 2014 [October 16th, 2014]
How to run all your Internet's programs thru Tor Browser - Video - October 16th, 2014 [October 16th, 2014]
Tails 1.2 : Released with Tor Browser 4.0 - Video - October 20th, 2014 [October 20th, 2014]
Tor Browser 4.0 is released | The Tor Blog - October 25th, 2014 [October 25th, 2014]
Access Blocked site using Tor Browser and chrome [2014] - Video - October 27th, 2014 [October 27th, 2014]
Be Anonymous Online : TOR Browser - Video - October 27th, 2014 [October 27th, 2014]
Menggunakan TOR Browser - Video - October 29th, 2014 [October 29th, 2014]
Facebook Just Created a Custom Tor Link and That's Awesome - October 31st, 2014 [October 31st, 2014]
How to Use Deep Web Using Tor Browser - Video - October 31st, 2014 [October 31st, 2014]
Setup Tor Browser on Mac OS 10 - Video - October 31st, 2014 [October 31st, 2014]
Facebook opens up to Tor users with new secure .onion address - November 1st, 2014 [November 1st, 2014]
How to use the Tor browser and the Open PGP applet - Video - November 1st, 2014 [November 1st, 2014]
Facebookcorewwwi.onion ( Preview ) - Video - November 2nd, 2014 [November 2nd, 2014]
How to use Tor for Facebook (Windows, Mac & Linux) - November 4th, 2014 [November 4th, 2014]
Tor Browser Bundle - Secure your Web surfing - [Free Download] - Video - November 5th, 2014 [November 5th, 2014]
The Law Scores a Victory Against Dark Net Denizens - November 8th, 2014 [November 8th, 2014]
Tor Browser New 4 - Video - November 8th, 2014 [November 8th, 2014]
How to (Install- Enable) Flash Player on Tor Browser - Video - November 9th, 2014 [November 9th, 2014]
Tor Browser New 2 - Video - November 9th, 2014 [November 9th, 2014]
Tor Browser New 1 - Video - November 9th, 2014 [November 9th, 2014]
Developer edition and privacy are Firefoxs 10th birthday present for the world - November 11th, 2014 [November 11th, 2014]
Easily Install Tor Browser 4.0.1 via PPA in Linux Mint 17 - Video - November 11th, 2014 [November 11th, 2014]
Better Tor-gether? Mozillla bids to bring anonymous browsing to the masses - November 12th, 2014 [November 12th, 2014]
How to connect Tor Browser to Country-specific IP Address - Video - November 12th, 2014 [November 12th, 2014]
A Computer Science Professor Found A Way To Identify Most 'Anonymous' Tor Users - November 19th, 2014 [November 19th, 2014]
Tor Browser-in Yuklenmesi ve qurulmasi. - Video - November 26th, 2014 [November 26th, 2014]
| | install tor browser on ubuntu 14 04 - Video - November 29th, 2014 [November 29th, 2014]
Tor Browser 4.5-alpha-1 is released | The Tor Blog - November 29th, 2014 [November 29th, 2014]
Como instalar o Tor Browser- Navegador da Deep Web/Annimo - Video - December 5th, 2014 [December 5th, 2014]
[ExpertProf - THT]Tor Browser Kurulumu Ve Onion'a Girilmesi - Video - December 5th, 2014 [December 5th, 2014]