Page 11234..1020..»

Category Archives: Tor Browser

Brave browsers Tor feature found to leak .onion queries to ISPs – The Daily Swig

Posted: February 21, 2021 at 12:30 am

Jessica Haworth19 February 2021 at 14:27 UTC Updated: 19 February 2021 at 21:33 UTC

Developers are issuing hotfix

UPDATED Brave, the privacy-focused web browser, is exposing users activity on Tors hidden servers aka the dark web to their internet service providers, it has been confirmed.

Brave is shipped with a built-in feature that integrates the Tor anonymity network into the browser, providing both security and privacy features that can help obscure a users activity on the web.

Tor is also used to access .onion websites, which are hosted on the dark net.

Earlier today (February 19), a blog post from Rambler claimed that Brave was leaking DNS requests made in the Brave browser to a users ISP.

Read more of the latest privacy news

DNS requests are unencrypted, meaning that any requests to access .onion sites using the Tor feature in Brave can be tracked a direct contradiction to its purpose in the first place.

The blog post reads: Your ISP or DNS provider will know that a request made to a specific Tor site was made by your IP. With Brave, your ISP would know that you accessed somesketchyonionsite.onion.

Following the disclosure, well-known security researchers including PortSwigger Web Securitys James Kettle independently verified the issue using the Wireshark packet analysis tool.

I just confirmed that yes, Brave browsers Tor mode appear to leak all the .onion addresses you visit to your DNS provider, Kettle tweeted, providing a screenshot for evidence.

Security researcher James Kettle independently verified the Brave browser privacy issue

Considering that the Tor Browser was specifically built to hide a users internet browsing from their ISP, the news has provoked a vociferous response online.

Privacy my ass, wrote Twitter user @s_y_m_f_m, while other called the findings appalling.

The issue has been present in the stable release since November 2020, and was reported in mid January, a Brave developer told The Daily Swig.

INSIGHT Tor security: Everything you need to know about the anonymity network

Since the time of publication, a Brave developer has confirmed that the browser will be releasing a hotfix for the issue.

The issue is already fixed in nightly, the development build of the browser. The developer, @bcrypt on Twitter, wrote: Since its now public were uplifting the fix to a stable hotfix.

Root cause is regression from cname-based adblocking which used a separate DNS query.

The Daily Swig has reached out to Brave for comment, and will update this article accordingly.

This article has been updated to include the information that a hotfix is being issued. An earlier version stated that the issue has been present since 2019, this has been corrected to 2020.

YOU MAY ALSO LIKE BIND implements DNS-over-HTTPS to offer enhanced privacy

Link:
Brave browsers Tor feature found to leak .onion queries to ISPs - The Daily Swig

Posted in Tor Browser | Comments Off on Brave browsers Tor feature found to leak .onion queries to ISPs – The Daily Swig

Metadata, VPNs, and Tor – ACS

Posted: at 12:30 am

You are being watched.

Everything you do online is being captured, stored and analysed in order to determine your personality, preferences, and predict your behaviour.

In this special 3-part Information Age series, we look at the ways your online activity is being tracked and some of the steps you can take to control your personal data.

In the first part of this series, we looked at how your browser choice and configuration can stop advertisers from recording your internet activity by blocking third-party cookies and other site trackers.

With your browser no longer sending data elsewhere, there is another source of potential data leakage: your internet service provider (ISP).

It is established practice in the US for certain ISPs to package its customers browsing data to sell for targeted advertising.

And in 2018 Crikey reported the practice had made it to Australia (hidden behind 'privacy policies') citing a concerned advertising executive who was offered insights derived from Optus customer data.

An Optus spokesperson told Information Age the telco does not sell customers internet usage history to advertisers nor does it share information that directly identifies customers with any third-party for commercial purposes.

But Optuss privacy policy currently says it may analyse anonymous viewing and/or browsing data which could be de-identified and shared with its business partners.

Telstra also says it uses business intelligence techniques to get high level insights about aspects of its network usage including demographic trends and other types of behavioural data which may be shared with its own business and commercial partners.

Of course, advertisers arent the only ones seeking direct access to your internet activity from ISPs.

Metadata retention

Under the Telecommunications (Interception and Access) Act 1979, your ISP is required to store certain information about your internet use for at least two years.

There are six categories of data your ISP has to keep, including: subscriber information; the source and destination (IP addresses) of communications; the date, time, type, and duration; and the location of equipment used during the communication.

For law enforcement this data has obvious use-cases, such as when tracking down people who share child exploitation material, theoretically allowing police to cross-reference instances of illicit behaviour and match them with real-world perpetrators.

ISPs are technically not required to store web browsing histories or the contents of communication under the act in order to allay fears of mass government surveillance but the differentiation between what is information about an internet communication and what are its content is not so clear-cut.

Last year, the Parliamentary Joint Committee on Intelligence and Security completed its review of the mandatory data retention regime, recommending the legislation should be updated to better define what is content or substance of a communication.

This followed revelations that law enforcement agencies were effectively given access to web browsing history, despite that being outside the scope of collection.

In one public committee hearing, Commonwealth Ombudsman Michael Manthorpe whose office provides oversight to the accessing of metadata under this scheme described issues with the scheme.

"The piece of ambiguity we have observed through our inspections is that sometimes the metadata, in the way it's captured particularly URL data and sometimes IP addresses does, in its granularity, start to communicate something about the content of what is being looked at."

Since an ISP is your gateway to the internet, how can you avoid them using your internet history for advertising or passing it onto the government?

A VPN might work

You will no doubt have seen or heard ads for virtual private network (VPN) companies trying to sell their services by creating perceived need for one of their main purposes:

-Unlocking geoblocked content (such as internationally available streaming services)

-Securing your data

-Anonymising your internet use

As far as online anonymity goes, VPNs hide activity data from your ISP by encrypting your service requests and tunnelling them into its private network.

This means your ISP will only see that you are connected to a VPN and the size of data moving back-and-forth but it wont see what websites or services you are accessing within that network.

And because government website blocking is done at the ISP level, VPNs may also act as a way of circumventing restrictions on unlawful piracy or online gambling websites.

VPN companies tend to be headquartered in countries with minimal government oversight in order to avoid regulatory hurdles like mandatory data retention regimes.

Unfortunately, this means taking these companies claims about privacy and security on face value, which brings its own set of problems.

Just last year, security researchers at Comparitech discovered an exposed database from UFO VPN.

Despite the company claiming it did not track or log its customers internet activity, the database revealed UFO VPN was storing account passwords in plain text and keeping records of users IP addresses along with the VPN servers they were connected to.

Typically you also want to avoid any free VPN services as they are likely just designed to harvest and sell web data.

For example Onavo Protect a now-defunct privacy-focused VPN app owned by Facebook told users it would protect and encrypt their user data but instead shuffled that information straight to Facebook for analysis.

Trustworthiness

VPN brands are working hard to establish consumer trust in the growing market in order to stay ahead of opportunistic companies.

NordVPN started contracting independent auditors Pricewaterhouse Coopers (PwC) to double-check its no-log claims a process fellow VPN heavyweight Express VPN copied by having PwC conduct an audit of its systems, too.

ProtonVPN from the same company that operates end-to-end encrypted email service Proton Mail tries to differentiate itself by being open source and allowing security researchers to check under the hood for nefarious features.

And non-profit Mozilla also has its own product, Mozilla VPN but its not yet available in Australia.

Theres no shortage of lists naming the best top or most secure VPNs around the internet, many of which feature NordVPN and ExpressVPN up the top.

But before signing up to the next VPN service being sold to you on a podcast or YouTube video, beware that not all VPNs are created equal.

A decent VPN service will cost you around $10 a month and can be a bit cheaper if you pay annually.

The onion router

If you are interested in anonymous web browsing and dont want to shop around for a VPN, you could always try using the free anonymity network Tor.

Like a VPN, Tor hides the details of your internet activity from your ISP but it will still likely know you are connecting to Tor.

Tor uses onion routing which sees your server requests covered in many layers (hence onion) of encryption.

It is then passed through a relay of networked volunteer computers, each of which peels off a layer of the encrypted request until the last layer of encryption is removed and your request gets fulfilled.

It is then wrapped back up in multiple encryption layers and passed down the relay to your machine.

All these relays will naturally slow down your internet connection.

Tor keeps you anonymous by design because no single point in the relay sees both the sender and receiver which is in stark contrast to ISPs and VPNs, each of which needs to see both sender and receiver in order to deliver the message.

Because of its in-built anonymity features, Tor has long been used for illicit online activity and is host to hidden onion services which can only be reached through Tor and make up part of the infamous dark web.

The underlying Tor software is maintained by the non-profit Tor Project which is funded largely through US government grants, and the most common way to access Tor is by using the Tor Browser.

Do keep in mind, though, that when it comes to remaining anonymous online, how you access the internet is just as important as what you access on the internet.

In Part III: Social media and other sandboxes.

Excerpt from:
Metadata, VPNs, and Tor - ACS

Posted in Tor Browser | Comments Off on Metadata, VPNs, and Tor – ACS

Brave Is Leaking Browsing History From Anonymous Tor Browser – Decrypt

Posted: at 12:30 am

In brief

Brave, a Chromium-based, privacy-first browser that integrates the anonymous Tor web browser, has been leaking private .onion addresses to domain name system providers.

Tor obscures users web browsing activity by bouncing web traffic across a global network of relays. That makes it near-impossible to trace a users web history, making the browser a perfect home for anyone in need of privacy: mostly activists, dark web drug barons and hackers.

But the bug, addressed in a beta and soon-to-be-fixed in a hotfix, leaked all that private information to DNS providers, meaning that internet companies could snoop on their users Tor activity.

This is because Brave, which integrated Tor in 2018, is a Chromium-based browser, meaning it uses the same architecture as Firefox and Google Chrome. This issue has plagued Chromium-based browsers for over a decade and has been found on Brave as far back as 2019.

Braves bug was raised on January 21 after a Hacker One report unearthed the issue. It was resolved, then added to the Nightly version two weeks ago. Nightly is a developer's version of Brave that updates each day.

However, since the bug blew up on Reddit and Twitter today, Brave is bumping it up to the official version.

Brave never professed to be as private as Tor. Brave with Tor does not provide the same level of Privacy as the Tor browser, if your life depends on remaining anonymous, use the Tor browser, said Ryan Watson, Braves VP of IT, two years ago on Reddit.

Tor is more secure because it scrubs digital fingerprints used to identify computers, wrote Watson. Fingerprinting works by hiding in the crowd of other browsers, by using Tor in Brave you have a slightly more unique fingerprint than with Tor browser. Thus making you less anonymous.

He added: [Tors community] also develop and know about security issues before anyone else, so they get the patches first and they make their way downstream to other apps.

Brave has been in hot water for betraying user trust in the past. It redirected some crypto-related search queries to affiliate links, from which it earned kickbacks. It's not great, and sorry again. I'm sad about it, too, tweeted Brendan Eich, the companys fiery CEO after the scheme was unearthed. The bug, however, appears to be an error in code, rather than in judgment.

Read the original post:
Brave Is Leaking Browsing History From Anonymous Tor Browser - Decrypt

Posted in Tor Browser | Comments Off on Brave Is Leaking Browsing History From Anonymous Tor Browser – Decrypt

Tor browser FAQ: What is it and how does it protect your privacy? – CNET

Posted: February 2, 2021 at 7:30 pm

Tor is an "onion-routing" network that protects your privacy online.

If you're new to internet privacy and security, you've still probably already read references to something called Tor -- a widely hailed piece of internet-connected software with its own internet browser. Tor is embraced by privacy aficionados for its reliable encryption and its history of covering users' internet tracks.

At first glance, the terminology around Tor can seem intimidating and alien. Don't worry, though. It's simpler than it seems.

Learn smart gadget and internet tips and tricks with CNET's How To newsletter.

Here's everything you need to know about Tor.

Read more: The best VPN service for 2021

Back in the mid-'90s, when the US Navy was looking into ways to securely communicate sensitive intelligence information, a mathematician and two computer scientists emerged from the Naval Research Lab with something called "onion routing." It was a new kind of technology that would protect your internet traffic with layers of privacy. By 2003, The Onion Routing project, acronymed Tor, was in the hands of the public, where its vast network of users -- the engine enabling Tor -- has since continued to grow.

Today, thousands of volunteers all over the world are connecting their computers to the internet to create the Tor network by becoming "nodes" or "relays" for your internet traffic.

At a basic level, Tor is a type of internet-connected network with its own internet browser. Once you connect to the internet with the Tor browser, your internet traffic is stripped of its first layer of identifying information as it enters the Tor network, and is then sent bouncing through those relay nodes, which serve to encrypt and privatize your data, layer by layer -- like an onion. Finally, your traffic hits an exit node and leaves the Tor network for the open web.

Once you're in the Tor network, it's nearly impossible for others to track your traffic's manic pinballing path across the globe. And once you leave the Tor network via an exit node, the website you view (assuming it has HTTPS in front of its address) isn't sure which part of the world you're hailing from, offering you more privacy and protection.

Read more: The best antivirus protection of 2021 for Windows 10

Normal web browsing is easy with Tor. Head to the official site and download the Tor browser. Follow the installation instructions as you would with any other program. When you open Tor for the first time, the program will ask you to either configure your connection (if you're in a country where Tor has been banned, like China or Saudi Arabia) or simply connect. Once you click connect, Tor may take a few minutes to find a set of relays to connect you through.

But once you're in, you can use Tor just as you would any other browser. You'll also be prompted to review your Tor browser security settings. If you're aiming for maximum privacy, I'd advise leaving the settings on their default selections.

If you start experiencing slower-than-normal speeds, you can nudge Tor into action by checking for a quicker connection path to the website you're trying to view. In the top right corner of the Tor browser, click the three-line menu icon and select New Tor Circuit for this Site.

The privacy-focused Brave browser also has an option to route traffic through Tor when inside a private window.

Read more:Best iPhone VPNs of 2021

Now playing: Watch this: Brave browser gets more private with Tor

1:32

Because Tor is a volunteer-run network, speed can often be an issue. As your traffic moves from node to node, you're likely to notice more speed loss than you would, for instance, with most commercial virtual private networks. This becomes particularly noticeable if you try to watch streaming Netflix content over Tor or make voice-over-IP phone calls or video calls with an app like Zoom. Tor technology isn't necessarily built to provide seamless audio-video experiences.

Speaking of videos, there are also limits to the amount of privacy Tor can offer you if you enable certain browser media plugins like Flash. Likewise, your browser's JavaScript plug-in -- which enables you to view a lot of websites' embedded media -- can still leak your IP address information. Torrenting files with Tor also exposes you to privacy risks. Because of these risks, Tor's privacy settings have these kinds of plug-ins disabled by default.

If you're just looking to do general, daily internet perusal using a browser that will better hide your traffic from spying eyes, Tor probably isn't the best choice due to its slow speeds and incompatibility with most embedded media. But if you're concerned enough about privacy around a particular topic of internet research (and you don't have a VPN), Tor is probably the best choice for you.

In some cases, yes. Most of the time, however, it takes some know-how to be able to configure your VPN's connection to work in harmony with Tor. If you don't get it right, you can risk making both Tor and your VPN ineffective when it comes to protecting your privacy. We recommend getting familiar with both types of software before marrying the two.

On the plus side, however, a successful combination of the two can be useful. While Tor protects your internet traffic, your VPN can be set to encrypt the internet traffic of any other applications running on your device in the background.

To investigate VPNs further, check out our beginner-friendly guide to all the VPN terms you need to know and our directory of the best VPNs of 2021.

Now playing: Watch this: Top 5 reasons to use a VPN

2:42

View post:
Tor browser FAQ: What is it and how does it protect your privacy? - CNET

Posted in Tor Browser | Comments Off on Tor browser FAQ: What is it and how does it protect your privacy? – CNET

How Google and Mozilla are helping to minimise the risk of XSS attacks – ITWeb

Posted: at 7:30 pm

Among the popular online threats, cross-site scripting is one of the classic Web application security vulnerabilities, which is majorly used to gain unauthorised access. Cross-site scripting also known as XSS allows attackers to compromise the interactions of a user with a target vulnerable application.

Though it is one of the common threats, it can allow cyber criminals to wreak havoc on their victims. Under Google's Vulnerability Reward Programs (VRP), a security researcher named Shachar found an XSS bug in Google Maps, which reportedly landed him a total reward of US$10 000. Using the bug, an attacker could have gained access to a users interactions with Google Maps ones travel history and searches if not the access to ones Google account. Thankfully, many companies are working to minimise online threats, and Google and Mozilla are the prime organisations aiming for a more secure Web experience for all.

What is cross-site scripting (XSS)?

In a cross-site scripting attack, an attacker usually masks himself as a victim user to access the users data or carry out unauthorised actions on the users behalf. For example, if the victim user has admin privileges within an application, the attacker might gain complete control over the application, including its data. Or, if the target application is a banking or financial application and the victim user has some funds, the attacker might transfer funds to his account. That is, a cross-site scripting attack allows attackers to perform as much damage as the functionality of the target application and the privileges of the victim user.

In a nutshell, a cross-site scripting attack is mostly executed by manipulating a vulnerable Web site into returning malicious or malformed code to the victim user. When this malicious code runs inside the victims Web browser, the attacker gets full control of the victim users interactions with the target application. This malicious code can come from multiple sources, thus there are three types of cross-site scripting attacks. The first type is called Reflected XSS, wherein the code comes from the current request. The second type is called Stored XSS, wherein the code comes from the Web sites database. The third and last type is called DOM-based XSS, wherein the attacker compromises the client-side code of the application. These types of cross-site scripting attacks only differ in their execution, but they all perform the same level of damage.

How Google and Mozilla are helping

Google and Mozilla are the creators of Blink and Gecko respectively the Web browser engines responsible for driving your experience on Google Chrome and Mozilla Firefox. That is not all, they power a lot more browsers and applications. For instance, Blink is the underlying engine in all Chromium-based browsers like the new Microsoft Edge, Brave, Opera and Vivaldi. Similarly, Gecko lives under the hood of Tor Browser, SeaMonkey and Waterfox, along with Thunderbird the popular e-mail client. That means Blink and Gecko are responsible for more than half of the Web browsers on the planet. And that makes Google and Mozilla driving forces for developing better feature sets to combat online threats.

That said, Google and Mozilla are working towards a post-XSS world by introducing a number of security features in their browsers. According to a blog post on Google Online Security Blog: Over the past two years, browser makers and security engineers from Google and other companies have collaborated on the design and implementation of several major security features to defend against common web flaws. These mechanisms, which we focus on in this post, protect against injections and offer isolation capabilities, addressing two major, long-standing sources of insecurity on the web.

The new security mechanisms include Content Security Policy based on script nonces, Cross-Origin Opener Policy, Fetch Metadata Request Headers, Trusted Types, and some more. These improvements are the hard work of many people over the course of several years, which are being implemented in Google Chrome 83 and Mozilla Firefox 79.

For instance, nonce-based Content Security Policy works by setting a random token for every page load. So, if some part of the Web page is injected by an attacker, the browser will refuse to execute the injected script since it will not present the correct nonce token. This will mitigate any server-side injection like Reflected XSS and Stored XSS. According to Google, nonce-based Content Security Policy helps mitigate exploitation of 30+ high-risk XSS vulnerabilities. And, fortunately, nonce-based Content Security Policy is supported in Google Chrome, Mozilla Firefox and all browsers based on these two browsers. Safari has partial support for nonce-based Content Security Policy, unfortunately.

When nonce-based Content Security Policy is combined with Trusted Types, they prove as battle-tested mitigation against a majority of DOM-based XSS. However, Google Chrome supports both at the time of publication while Mozilla is working towards bringing support for Trusted Types in the Firefox browser. But, unfortunately, Safari supports neither nonce-based Content Security Policy (only partially) nor Trusted Types, neglecting the need of improved security.

Similarly, the other security mechanisms listed above help mitigate many other common Web security threats, including but not limited to cross-site request forgery (CSRF) and XS-leaks a new family of Web privacy-leaking techniques. Of course, that is not all, the works done by Google and Mozilla are going to introduce stricter security for everyone browsing on the supported browsers.

Visit link:
How Google and Mozilla are helping to minimise the risk of XSS attacks - ITWeb

Posted in Tor Browser | Comments Off on How Google and Mozilla are helping to minimise the risk of XSS attacks – ITWeb

Tails OS 4.15 released with updated Tor Browser – Neowin

Posted: January 29, 2021 at 11:27 am

By Paul Hill Neowin Jan 26, 2021 13:12 EST

Tails OS 4.15 has been released today bringing with it updates for the Tor Browser, the Linux kernel and fixes for several issues including USB tethering not working with devices running iOS 14 or later. Luckily, there are no new issues introduced with this version of the privacy-oriented OS but its still affected by long-standing issues.

According to the release notes, there are no new major changes in this update outside of updated software. The only new feature is that you now have the option to press Dont Show Again on the security notification that pops up when you attempt to run Tails on a virtual machine.

This update does come with several critical software patches for things like the Tor Browser which is now on version 10.0.9 (based on Firefox 78.7), Thunderbird has been bumped to 78.6.0, and the Linux kernel now sits on version 5.9.15 bringing support for newer hardware. The new kernel update also addresses a bug that prevented iOS 14 devices from being used for tethering.

To install Tails 4.15, youll either need to follow the guide to setting up a Tails USB to perform a clean install or you can upgrade an existing Tails install. When youve booted up your Tails 4.2 or above USB and connected to the internet, you will be offered the upgrade. If you choose to update, the new version will download and begin to install. If you would like to see whats planned in future updates, check out the Tails roadmap.

View original post here:
Tails OS 4.15 released with updated Tor Browser - Neowin

Posted in Tor Browser | Comments Off on Tails OS 4.15 released with updated Tor Browser – Neowin

Tails 4.15 Anonymous OS Released with Tor Browser 10.0.9 and Thunderbird 78.6 – LXer

Posted: at 11:27 am

The Tails project released today Tails 4.15 as a monthly maintenance release to the amnesic incognito live system based on the Debian GNU/Linux operating system and used for anonymous communications.

Synced with the stable software repositories of the Debian GNU/Linux 10 Buster operating system series, Tails 4.15 is powered by Linux kernel 5.9.15 for improved hardware support and comes with updated core applications, including the Tor Browser 10.0.9 anonymous web browser and Mozilla Thunderbird 78.6 email client.

On top of these updates, Tails 4.15 also improves support for Ledger hardware wallets in the Electrum Bitcoin wallet app, adds USB tethering support for devices running Apples iOS 14 or later to share mobile data, and clarifies the error message about the size of the USB flash drive shown when starting Tails.

Full Story

This topic does not have any threads posted yet!

You cannot post until you login.

Read the rest here:
Tails 4.15 Anonymous OS Released with Tor Browser 10.0.9 and Thunderbird 78.6 - LXer

Posted in Tor Browser | Comments Off on Tails 4.15 Anonymous OS Released with Tor Browser 10.0.9 and Thunderbird 78.6 – LXer

Babuk Locker: Mediocre, But Gets the Job Done – Security Boulevard

Posted: at 11:27 am

New Years ransomware news came early this year, when various media platforms began reporting the discovery of Babuk Locker, the newest ransomware variant to target corporations by encrypting files across network-connected devices andextorting ransom payments. For those hoping to see new ground broken in ransomware technology, Babuk Locker would have come as a disappointment. The code, its execution, the ways the operators communicate with victims and the threats to the stolen data have been labeled unprofessional. This does not mean that the malware is harmless; in fact, the opposite is true.

Babuk Locker was discovered only a few days after most of the West celebrated the new year, but those behind the ransomware had already snatched up a few victims. Victims included an elevator and escalator company, an office furniture manufacturer, a car parts manufacturer, a medical testing products manufacturer and an air conditioning and heating company based in the U.S.

We can thank computer science student Chuong Dong for the analysis; Dongs work is the best resource on Babuk Locker currently available to the InfoSec community. According to Dongs analysis, while the ransomware is fairly standard in terms of what it does and how it does it, the operators have included several common tactics that made strains like Sodinokibi and Ryuk surge in terms of successful infections. Such tactics include the double extortion tactic, hyperthreading and the ability to encrypt files across a victims network. Lets look at each in turn, and how Babuk Locker implements these tactics.

This has been, perhaps, the single most dominant trend in ransomware for the past year. Last year, at about the same time, the Maze ransomware gang (who have now opted for early retirement) began threatening to release stolen data before encryption of data was executed. The threats were soon followed by the gang releasing the data via a data leak site, accessible by other threat actors via a Tor browser. This became known as the double extortion tactic, and has seen wide adoption by almost all the major ransomware gangs targeting large corporate and government networks.

The tactic became synonymous with gangs classified as human-operated ransomware gangs; the term describes ransomware operators who use manual tools to gain access to a network, and slowly increase their network privileges until they can manually execute the malwares encryption protocols for the greatest effect on the target network. The double extortion tactic is an evolution of the human-operated trend. Recently, the tactic has evolved further to include gangs hiring call centers to cold-call victims and pressure them to pay the ransom.

Based on current research, Babuk operators have not gone so far as to cold-call victims; however, they have threatened to release and have released data belonging to victims. Rather than releasing data via a dedicated leak site, the ransomwares operators posted on underground hacker forums announcing, and then releasing, data of victims who refused to pay. Babuk does have a website, but this is used to communicate with victims and negotiate ransom payments. Here, one might view the operation as amateurish, in that all victims communicate via the same text channel so that everyone can see past communication between victims and the attacker.

When ransomware was in its infancy, it tended to only encrypt files locally; that is to say, only files on the infected machine could be encrypted so that the user could not access them. In modern networks, files are shared across the network so that the business can operate. It was only a matter of time before hackers realized that these shared network resources could be encrypted, too, and could effectively halt daily operations. Large organizations like Travelex, according to reports, paid the Sodinokibi gang over $2 million USD when their network was struck in this fashion, and forced the company to suspend many of its services.

Babuk Locker ransom demand message:

Babuk is capable of targeting files across the network through the use of command-line instructions that allow the malware to search across the network for shared resources. The command can also encrypt only local files. If the attacker successfully compromises a network-connected machine with high enough administrative privileges, it can be safely assumed that the attacker will look to encrypt files across the network, as this will cause more damage. The malware uses a combination of SHA256 hashing, ChaCha8 encryption, and Elliptic-curve DiffieHellman (ECDH) key generation and exchange algorithm to protect its keys and encrypt files. This means that, barring a major mistake by the malwares developers, the encryption is solid with no apparent way to decrypt files without the decryption key. This forces victims to either pay or restore from backups. The likelihood that a free decryptor will be released anytime soon is slim.

To further complicate recovering from Baduk Locker, the malware will do several things to help speed up and smooth the encryption process. But, first, before encryption begins, the malware looks for shadow copies and deletes them. Shadow copies are used to help create restore points if something critical happens to the machine so that important data isnt lost; deleting these makes recovery harder for those impacted by a Baduk attack. The malware will also terminate services that prevent file manipulation or alterations, including services associated with security suites that may prevent the malware from doing what it is intended to do.

The list of services targeted includes: vss, sql, svc$, memtas, mepocs, sophos, veeam, backup, GxVss, GxBlr, GxFWD, GxCVD, GxCIMgr, DefWatch, ccEvtMgr, ccSetMgr, SavRoam, RTVscan, QBFCService, QBIDPService, Intuit.QuickBooks.FCS, QBCFMonitorService, YooBackup, YooIT, zhudongfangyu, sophos, stc_raw_agent, VSNAPVSS, VeeamTransportSvc, VeeamDeploymentService, VeeamNFSSvc, veeam, PDVFSService, BackupExecVSSProvider, BackupExecAgentAccelerator, BackupExecAgentBrowser, BackupExecDiveciMediaService, BackupExecJobEngine, BackupExecManagementService, BackupExecRPCService, AcrSch2Svc, AcronisAgent, CASAD2DWebSvc, CAARCUpdateSvc.

Files encrypted by Babuk Locker:

Lastly, if files are in use, they cannot be encrypted not ideal for an attacker looking to encrypt as much as possible to guarantee that daily operations are stopped. To do this, Baduk Locker will terminate running processes that are used to run certain file types that businesses and government organizations rely on.

The processes terminated include: sql.exe, oracle.exe, ocssd.exe, dbsnmp.exe, synctime.exe, agntsvc.exe, isqlplussvc.exe, xfssvccon.exe, mydesktopservice.exe, ocautoupds.exe, encsvc.exe, firefox.exe, tbirdconfig.exe, mydesktopqos.exe, ocomm.exe, dbeng50.exe, sqbcoreservice.exe, excel.exe, infopath.exe, msaccess.exe, mspub.exe, onenote.exe, outlook.exe, powerpnt.exe, steam.exe, thebat.exe, thunderbird.exe, visio.exe, winword.exe, wordpad.exe, notepad.exe.

The act of encrypting files is a noisy affair, and when done en masse, its a key indication that something is wrong. Ransomware operators know this, and often choose to encrypt data when the business is quiet, slow or closed for the day. This is done in the hopes that no one is working; no one will notice and shut down the servers if something appears wrong. This information is gained by compromising the network days or weeks in advance of the attack and encryption process. This is one of the reasons why the final phase of the attack is usually done over weekends, and often in the early hours of the morning.

Other than relying on early hours best left for sleep, hackers have several tricks to make the encryption process go off smoothly. The speed at which files can be encrypted is an advantage, and to achieve this, hackers will abuse a machines hyperthreading capability. Modern CPUs have several cores stacked on top of one another to make processing faster. Each core acts like its own mini processor; the more you have the more tasks can be processed simultaneously. Hackers will use the CPUs hyperthreading ability to encrypt files faster. In practice, hyperthreading, when abused by hackers, is done to process various types of data. That which is easily encrypted is done on one thread, while larger, more complex data is sent to another thread for encryption. This drastically improves encryption efficiency, and reduces the overall time taken.

Babuk takes advantage of hyperthreading by first evaluating the number of CPU cores on the victims machine. Then, it creates a data structure to handle the threads. Dong points out that this method has several flaws, stating,

The first problem with this approach has to do with threads concurrency in an OS. A huge amount of threads can potentially be created for each process. However, in an ideal situation, its better to have one thread running per processor to avoid having threads competing with each other for the processors time and resource during encryption.However, that, by itself, is not that big of a problem if the author implemented a queue-like structure to process encrypting requests to utilize 100% of the victims processing power. Unfortunately, they decided to only spawn one encrypting thread per existing drive.

As theres likely to be more drives than threads created by the malware, Babuk cannot create as many threads as needed to speedily encrypt the targeted data. The malware then reverts to older, less efficient means of traversing through folders to encrypt data. If the malware can create the required number of threads to match the number of drives on the victims machine, the encryption will be a more efficient affair. Researchers will be quick to point out this flaw; however, for those already a victim of Babuk Locker, such discussions will be of little comfort.

Babuk Locker has already proved capable of creating corporate victims, and ransom demands have topped $80,000 USD. This amount is smaller than the take from some of the worlds most dangerous ransomware gangs, but it is not insignificant. While it can be successfully argued that the current version of Babuk Locker is not as efficientand well-coded as other ransomware examples, it still poses a clear danger to business and government networks.

Recent Articles By Author

Read the rest here:
Babuk Locker: Mediocre, But Gets the Job Done - Security Boulevard

Posted in Tor Browser | Comments Off on Babuk Locker: Mediocre, But Gets the Job Done – Security Boulevard

We Have Entered the Age of Anonymous Crypto – Yahoo Finance

Posted: at 11:27 am

Recently, following a change to Whatsapps privacy policy, hundreds of thousands of people from all over the world left for other services. Signal, an encrypted messenger service, saw so many sign-ups that it temporarily crashed.

This was followed by a mass exodus from social media, as Twitter and Facebook became embroiled in a debate on free speech and censorship, a chain of events that may signal a shift in how users value privacy.

Rachel-Rose OLeary is a coder and writer at Dark Renaissance Technologies. She was a tech writer for CoinDesk from 2017 to 2018, covering privacy tech and Ethereum. She has a background in digital art and philosophy, and has been writing about crypto since 2015. The views expressed in this article are her own and do not necessarily reflect those of the publication.

Related: The Future of Money in the Multiverse

Riccardo Spangi or fluffypony, the former lead maintainer of privacy-centric cryptocurrency monero, called this a watershed moment for privacy. People are realizing that you dont get privacy just handed to you. You have to stand up and take it, he told CoinDesk.

For years, topics including anonymity, censorship resistance and decentralization were the purview of political extremists. Armed with a pessimistic, even paranoid outlook, the forefathers of cryptocurrency engineered tools, like Bitcoin, for a world where civilization had fallen.

But now, spurred on by an information crisis and compounding global unrest, privacy has entered popular consciousness.

As on the popular consumer-facing apps such as Signal, activity on the encrypted anonymous internet, the darknet, is on the rise. While its hard to estimate usage due to its anonymity benefits, Tor Browser was downloaded 10% more on average this January than last year. In the past 12 months, the number of hidden websites has increased 180%.

Related: Money Reimagined: Letter to President Biden

Story continues

This rising popularity could be driving an increase in monero transactions. In December, darknet market Whitehouse reportedly announced it would no longer accept bitcoin payments, strengthening moneros foothold as the cryptocurrency of choice for the darknet.

See also: Steven Waterhouse The Pandemic Turbocharged Online Privacy Concerns

In fact, despite being delisted from exchanges Shapeshift and Bittrex, moneros price has steadily grown 140% in the past year, while its daily transactions have increased by a staggering 290%. Zcash has likewise increased nearly 70% in price.

All of this is to say theres a growing demand for privacy. Whats more, the privacy scene has never been more prepared for an influx of users.

Privacy has always been a core value of the crypto-anarchist philosophy. Bitcoin itself was designed to be pseudonymous, but its privacy-protecting features are insufficient to protect users from blockchain analysis.

In the past 10 years, fully anonymous cryptocurrency has emerged as a Holy Grail of blockchain research. Millions in research dollars have been committed, though until recently no purely private cryptos emerged without substantial trade-offs to scalability and decentralization.

Several small, incremental achievements are beginning to come to fruition. Litecoin is testing a potential privacy upgrade, Mimblewimble. Privacy coin Firo, previously named Zcoin, is pioneering new cryptographic research with its recent release of Lelantus.

Meanwhile, earlier this month, Zcash announced its plan to implement Halo 2, a groundbreaking upgrade that will allow the cryptocurrency to add new assets to its base layer, such as an anonymous stablecoin or wrapped versions of other cryptocurrencies while Monero is also building toward a multi-chain paradigm, specifically with privacy implications for Bitcoin through atomic swaps.

Further, while Moneros ring signatures reduce its anonymity, a new upgrade called TRIPTYCH will make this privacy leakage less of a concern.

Bitcoin, too, will see privacy-protecting enhancements with the long-anticipated rollout of its Taproot upgrade. When activated, Taproot will allow smart contracts written in the Bitcoin scripting language to appear like normal transactions, so more complex code can populate the blockchain undetected.

Its not just traditional cryptocurrencies that are undergoing a renaissance. Privacy apps are proliferating on decentralized finance (DeFi) while private smart contract platforms like Secret Network and Aleo are enabling general purpose, programmable privacy.

Can the state withstand a full-blown Bitcoin offensive?

All of these advancements are made possible by significant improvements in privacy tech, especially zero-knowledge cryptography. Having authored the first privacy-oriented Bitcoin wallet in 2013, Amir Taaki has been working on anonymity tech in crypto for nearly 10 years.

Zero-knowledge is probably the biggest breakthrough in cryptocurrency since the invention of Bitcoin itself. It enables an entire new class of privacy applications that previously couldnt exist before, he said.

Advances in privacy tech have the potential to revolutionize not just cryptocurrency, but all aspects of how we interact with the web. The internet is currently dominated by data harvesting and surveillance. In exchange for using a service, user data is collected by companies for increasingly surreal purposes, such as behavior prediction and control.

By offering a new economic vision for technology, the cryptocurrency ecosystem has the potential to challenge this paradigm. Mixnet provider Nym Technologies is working in this direction, offering privacy-friendly applications the ability to monetize their services.

Still, these new vistas will not be without their challenges. For the last year, crypto has been awash with rumors and headlines foretelling an impending regulatory crackdown.

In an interview that coincided with her statement that the European Central Bank (ECB) will release its own digital currency the digital euro within the next five years, ECB President Christine Lagarde called for global bitcoin regulation. Separately, U.S. Treasury Secretary nominee Janet Yellen said that cryptocurrencies are a particular concern for terrorism financing, and stated the need to curtail their use.

Both the U.S. and European Union formerly a privacy stronghold have also floated rules that threaten end-to-end encryption and privately held crypto addresses.

See also: Proposed Crypto Wallet Rule Among Those Frozen by Biden Pending Review

If there was ever a need for strong, unhackable, privacy-preserving tools to be built, its now.

Regulatory pressure may have an unintended consequence by making privacy-preserving cryptocurrencies more attractive. In a scenario where crypto is banned, crypto will merely go underground, where it had its beginnings.

A nightmare scenario for an industry overrun by bankers, such a grim regulatory outlook is widely dismissed as FUD. Not only would this cripple the emerging cryptocurrency ecosystem financially, but it would severely damage its core value propositions: openness, accessibility, being permissionless.

Still, perhaps in anticipation of regulatory crackdowns, Bitcoiners are adopting an increasingly militant rhetoric. Rumors of an impending privacy war have been circulating on Twitter, with cryptocurrency advocates volunteering themselves for the front line.

According to Taaki, such a confrontation is effectively preprogrammed.

I dont see a resolution between an emerging cryptocurrency industry and the state-backed fiat system, he said, These things are [at] loggerheads, and using anonymity to shield participants in a network is of vital importance to our success as a movement.

See also: Michael Casey A World Where Privacy and Saving Lives Can Coexist

The developer of privacy-focused Bitcoin wallet Wasabi, Max Hillebrand, said he is confident Bitcoins users will step up to the challenge. Armed with advanced technology and an ideology capable of carrying its followers to the barricades, he wondered:

Can the state withstand a full-blown Bitcoin offensive?

See more here:
We Have Entered the Age of Anonymous Crypto - Yahoo Finance

Posted in Tor Browser | Comments Off on We Have Entered the Age of Anonymous Crypto – Yahoo Finance

The safest place to play poker – – VENTS Magazine

Posted: at 11:27 am

Cryptocurrency is progressively reshaping the online gambling industry. According to Statista, online gambling market is expected to be worth over $94 billion by the year 2024. This exponential growth is mainly attributed to the players ability to remain anonymous. Torpoker is a web-based poker gaming site which accepts Bitcoin currency.

Security is always the top most concern when dealing with any kind of online financial transaction and online gambling is no different. Torpoker uses PYQT5 open-source development framework to design its GUI and due to its known compatibility, it makes Torpoker support all popular operating system environments. The open-source software means that users can trust the platform and that the code is thoroughly tested and the patch management is efficient.

Furthermore, Torpoker chooses to disable JavaScript in the web application. Although JavaScript is widely used to extend functionality in web applications, it also posses a major security concern on the client side. JavaScript snippets are usually accessible to the user making it vulnerable to exploits with malicious intent. Moreover, JavaScript has a history of lack of proper web browser support since it is interpreted differently by different browsers which may cause unpredictability especially on the client-side.

Online Bitcoin casinos offer a higher degree of security since personal details are not required in order to perform transactions such as transfer of bitcoin, chances of malicious actors gaining access to personal sensitive data is drastically reduced. Moreover, Bitcoin transactions go through security layers which involve multiple verifications and several layers of encryption which protect the whole process. All these security measures contribute the overall reduction of a malicious attack surface

Torpoker is able to guarantee optimum privacy with the only requirement being a unique one-off address for transactions. The complete hashing of all wallet IDs and their corresponding transactional IDs allows for pseudo-anonymity among all user-user transactions. Hence, all Bitcoin transactions are completely anonymous and secure. Moreover, players have an assurance of transparency since all transactions are routed to a public ledger offering an additional layer of protection. Additionally, it is advisable to use the web application in tor browser which encrypts data through the network of relay nodes

In order for players to access their wallets securely, it is always recommended to access them only through trusted private networks since the private keys mostly use cloud storage. Once the wallets are securely accessed then Bitcoin transactions can made through the address provided by Torpoker. This means that users may be the weakest link since poor storage of wallets or dubious cryptocurrency exchanges may cause unauthorized access which may result in a loss of coins. Most security breaches associated to Bitcoin and other cryptocurrencies happen mostly on cryptocurrency exchanges and not necessarily of gambling sites which makes Torpoker incredibly secure. Torpoker offers even more security by providing dedicated private servers for rent which gives the players the ultimate control over privacy and security.

Go here to see the original:
The safest place to play poker - - VENTS Magazine

Posted in Tor Browser | Comments Off on The safest place to play poker – – VENTS Magazine

Page 11234..1020..»