Page 3«..2345..1020..»

Category Archives: Tor Browser

Tails 4.5 Is Out: Run The Live Operating System With Secure Boot – Fossbytes

Posted: April 11, 2020 at 7:47 pm

Do you care about your anonymity and you use a Linux distro as your daily driver? Well then, you must be aware of the security-focused Debian Linux-based Tails operating system. If not, check out the latest version of Tails 4.5 which you can run directly from your USB stick without installation.

The new version 4.5 comes with several security bug fixes and vulnerabilities. Most importantly, the upstream Debian security flaws such as BlueZ and GnuTLS which allow attackers to access the target host system.

Other security updates include support for secure boot. You can now run Tails on your computer with secure boot enabled. This means your Original Equipment Manufacturer (OEM) firmware only allows the booting of authorized software.

Lastly, software packages such as the Tor browser and Firefox have been updated to their newer versions. Read the official release notes here for complete details.

The latest version fixes numerous security vulnerabilities. Hence, you must upgrade your system to v4.5. Though automatic upgrades are available from Tails 4.2 or later to 4.5, you can follow the manual upgradeas well.

For fresh installation on a new USB stick, you can follow the instructions for your respective operating system Windows, macOS and Linux.

Following the tradition of new releases every month, Tails 4.6 is scheduled to be released on May 5. For more details, you can check out the next release roadmap here.

Read this article:
Tails 4.5 Is Out: Run The Live Operating System With Secure Boot - Fossbytes

Posted in Tor Browser | Comments Off on Tails 4.5 Is Out: Run The Live Operating System With Secure Boot – Fossbytes

This Week In Security: Zoom (Really This Time), Fingerprints, And Bloatware – Hackaday

Posted: at 7:47 pm

You were promised Zoom news last week, but due to a late night of writing, that story was delayed to this week. So whats the deal with Zoom? Google, SpaceX, and even the government of Taiwan and the US Senate have banned Zoom. You may remember our coverage of Zoom from nearly a year ago, when Apple forcibly removed the Zoom service from countless machines. The realities of COVID-19 have brought about an explosion of popularity for Zoom, but also a renewed critical eye on the platforms security.

Zoombombing, joining a Zoom meeting uninvited, made national headlines as a result of a few high profile incidents. The US DOJ even released a statement about it. Those incidents seem to have been a result of Zoom default settings: no meeting passwords, no waiting room, and meeting IDs that persist indefinitely. A troll could simply search google for Zoom links, and try connecting to them until finding an active meeting. Ars ran a great article on how to avoid getting zoombombed (thanks to Sheldon for pointing this out last week).

There is another wrinkle to the Zoom story. Zoom is technically an American company, but its Chinese roots put it in a precarious situation. Recently its been reported that encryption keying is routed through infrastructure in China, even though the calling parties are elsewhere. In some cases, call data itself goes through Chinese infrastructure, though that was labeled as a temporary bug. Zoom was also advertising its meetings as having end-to-end encryption. That claim was investigated, and discovered to be false. All meetings get decrypted at Zoom servers, and could theoretically be viewed by Zoom staff.

Why does it matter? Is this just anti-Chinese rhetoric? Well, no. When a service like Zoom is hosted on a server in a given country, that service is subject to that countrys laws. China has a rather dismal history of abusing communications infrastructure to spy on and persecute its own citizens. (I am aware that the US has a dismal history there as well. Im not excited about my conversations being in the clear on a US server, either.) While thats not necessarily a huge problem for a school doing distance learning, government leaders should probably avoid holding cabinet meetings over the service.

Its a Hollywood trope at this point. Our hero has to infiltrate the super secret organization, and to get in, he has to defeat a fingerprint scanner. No problem, the hero has lifted a fingerprint earlier in the movie, and with a bit of ingenuity, fools the fingerprint scanner. Thats just the movies, and real fingerprint readers are more secure, right? Well, the Talos group at Cisco put the myth to the test. They used a 25 micron UV 3d printer to make a series of molds, and then tried different materials to cast the fake prints. A fabric glue seemed to work the best, as it was able to fool capacitive sensors as well as visual.

A mold could be calculated and printed in an hour in 25-micron resolution. There is some additional time for the cast itself to set, and they conclude that the attack isnt something that can be performed quickly.

Phones seemed to fare the worst, with a success rate somewhere around 80%. Of particular interest is the devices that were difficult to compromise. Interestingly, Windows Hello, a part of Windows 10, was entirely resilient to their attacks. The Talos researchers suggest that the key here is the comparison algorithm used to compare the scanned fingerprints. Another winner was the pair of USB keys that use a fingerprint scanner to unlock the stored data. Those keys also shrugged off this attack. The Talos researchers made sure to point out that this doesnt mean that these devices are secure against this type of attack. Their work was intentionally low-budget, and its likely a more determined, well-funded attacker could overcome the rest of the devices.

But even if you just want to play around with this at home, with a little effort you can fool face and iris recognition yourself. And all this aside, you shouldnt have to use biometric information in place of passwords anyway.

Running Firefox or the Tor browser anywhere? Go update now, make sure you on 74.0.1 or better (or 68.6.1 if youre using Firefox ESR). There are a pair of use-after-free bugs that are being actively exploited. There arent many more details available at the moment, possibly because of related bugs that still need to be fixed. According to the researcher that found the bugs: There is still lots of work to do and more details to be published (including other browsers). Stay tuned.

On the Google side of the fence, the big news is that the new same-site cookies policy is being rolled back. The Chrome blog has a link to a great explainer of the potential problem with 3rd party cookies, and how the samesite policy changes can help.

A novel paper came across my digital desk this week (PDF) that introduces a new way to ask an old question: What secrets is this closed-source app hiding? Weve talked about backdoors, hard-coded passwords, and hidden administrator menus in the past. Most of the time, these are unintentional; bits of debugging code that were forgotten about and never removed. In the linked paper, a technique was developed to examine the input validation code of an app, looking for hidden hardcoded options.

For example, a 3rd party screen lock will take user input, and then make a system call to compare that input against the system password. If there is a string compare that happens before the expected system call, then there might be a secret backdoor password hard-coded into the app. In another example, a translation app had a secret menu, unlocked by entering a hardcoded key, where debugging tasks could be done, like disabling ads.

After scanning 150k Android apps, about 12k were discovered to have hardcoded backdoors, passwords, or debugging menus. In other words, just over 8% of the most popular Android apps have some suspicious behavior built-in.

Via Heise Online

Ahhh, theres not many things that satisfy quite like unboxing new hardware for the first time. You finally pulled the trigger on a new laptop, and now its ready to boot up for the first time. Many of us have a similar policy in these situations: Boot the laptop, uninstall the OEM bloatware. If that isnt your habit, then maybe[Bill Demirkapi]s research on HP bloatware will convince you.

Theres quite a bit here, but the most interesting attack chain, an RCE, takes advantage of some seemingly unrelated issues. The first is an open redirect on HPs site. This seem innocuous enough. https://ers.rssx.hp.com/ers/redirect?targetUrl=https://google.com” would automatically redirect you to Google. The second issue is an HP service that registers a custom URL protocol. That protocol downloads and runs or opens the downloaded file. Before starting the download, there is check run that this download is coming from an HP domain. The open redirect comes in handy here, as the redirect is followed after that domain check is performed. An official looking link can then trigger HPs update downloader, which then will automatically open a downloaded zip file. Yes, it requires two interactions to compromise, but is a clever chain nonetheless.

Yet another installment of our Coronavirus scamming story. This week well look at emails claiming to be from the US Small Business Administration (SBA).

I received this email Tuesday the 7th, and took a moment to realize it was a fake. The first giveaway is that the attachment is a .img, rather than a PDF or other image file. That disk image contains a SBA_Disaster_Application_Confirmation_Documents_COV_Relief_doc.exe executable. There are a few other tip-offs that this probably isnt a legitimate communication, like the spelling of centres and endeavour, using the British spellings. The last, and perhaps most obvious flaw, is that the date has already passed.

Hold on to your hats, because were about to speculate. You see, this email came in only a few hours after I filled out some online paperwork for an Economic Injury Disaster Loan, on the official SBA website. I very nearly fell for this, because the timing was so spot-on. It appears that the SBA is leaking information about grant applicants, and someone is using that leak to run a phishing campaign.

More here:
This Week In Security: Zoom (Really This Time), Fingerprints, And Bloatware - Hackaday

Posted in Tor Browser | Comments Off on This Week In Security: Zoom (Really This Time), Fingerprints, And Bloatware – Hackaday

Apple blocks third-party cookies in Safari – ZDNet

Posted: March 26, 2020 at 6:30 am

Image: Nobbby

Starting today, with the release of Safari 13.1 and through updates to the Intelligent Tracking Prevention (ITP) privacy feature, Apple now blocks all third-party cookies in Safari by default.

The company's move means that online advertisers and analytics firms cannot use browser cookie files anymore to track users as they visit different sites across the internet.

But Apple says the move isn't actually a big deal, since they were already blocking most third-party cookies used for tracking anyway.

"It might seem like a bigger change than it is," said John Wilander, an Apple software engineer. "But we've added so many restrictions to ITP since its initial release in 2017 that we are now at a place where most third-party cookies are already blocked in Safari."

Apple's Safari has now become the second browser -- after the Tor Browser -- to block all third-party cookies by default for all its users.

However, while Apple was quicker to block third-party cookies in Safari, Google is actually the one who pushed browser makers towards making this move in the first place, in a May 2019 blog post.

At the time, Google announced plans to block third-party cookies by default in Chrome and in the Chromium open-source project, on which multiple other browsers are built.

Google released Chrome v80 at the start of February with support for third-party cookie blocking (under the name of SameSite cookies), but the feature won't fully roll out to all Chrome's users until 2022.

Microsoft's Edge, which runs a version of Google's Chromium open-source browser has also begun gradually blocking third-party cookies as well, but the feature is not enabled by default for all its users either.

Apple's decision today doesn't mean that Safari now blocks all user tracking, but only tracking methods that rely on planting a cookie file in Safari and (re-)checking that cookie time and time again to identify the user as he moves from site to site.

Other user tracking solutions, such as user/browser fingerprinting, will most likely continue to work.

Nonetheless, this is a major step in the right direction. With Google, Safari, Microsoft, and all the other Chromium-based browsers on board, now, the vast majority of current web browsers block third-party cookies or are on their way towards full blocks.

"This update takes several important steps to fight cross-site tracking and make it more safe to browse the web," Wilander explained in a Twitter thread today.

"First of all, it paves the way. We will report on our experiences of full third-party cookie blocking to the privacy groups in W3C to help other browsers take the leap.

"Second, full third-party cookie blocking removes statefulness in cookie blocking.

"Third, full third-party cookie blocking fully disables login fingerprinting, a problem on the web described already 12 years ago. Without protection, trackers can figure out which websites you're logged in to and use it as a fingerprint," Wilander added.

"Fourth, full third-party cookie blocking solves cross-site request forgeries. This is one of the web's original security vulnerabilities and discussed in communities like OWASP for well over a decade. Those vulnerabilities are now gone in Safari."

More on the move and what it means to developers and website owners is available in the WebKit team's blog post.

Go here to see the original:
Apple blocks third-party cookies in Safari - ZDNet

Posted in Tor Browser | Comments Off on Apple blocks third-party cookies in Safari – ZDNet

Dark Web A cyber heaven of criminal activity – The Financial Express BD

Posted: at 6:30 am

Md Hafez | Published: March 20, 2020 20:36:23 | Updated: March 20, 2020 20:37:54

The Internet refers to the global system of interconnected computer networks that use the Internet protocol suite (TCP/IP) to link devices worldwide. It has brought massive revolution in our communication system and made our life easier. In almost everything we do, we use the Internet ordering a T-shirt, buying a mobile phone, sharing a moment with a friend, sending a picture over instant messaging. Before the Internet, if we wanted to keep up with the news, we had to walk down to the newsstand when it opened in the morning. But today a single click is enough to read local paper and any news source from anywhere in the world, updated up to the minute. According to Bangladesh Telecommunication Regulatory Commission (BTRC), the total number of Internet subscribers has reached 165.615 million at the end of January, 2020 from 157.544 million at the end of January, 2019.

At a first glance, the internet may seem like a cyber haven for the common people but reality is entirely different. Actually, it works as a double-edged sword, where the opportunity cost of convenience is cascading threats of cyber crimes; around 2,044 cases were filed with different police stations and the cyber tribunal over last six years, according to Cyber Tribunal (Bangladesh) data but the number of cybercrime cases was only three in 2013. Therefore, it is a high time to thoroughly understand this cyber world, spotlighting the cautionary tales.

The internet has three main parts namely surface web, deep web, and dark web. The surface web makes up about 10% of the whole internet, and includes anything that anyone can find by entering terms in a search engine like Google or Yahoo. The deep web is simply where information is stored that is not easily accessible by anyone. This includes anything that is protected by a password such as personal email, online banking, or other such sites. This section actually makes up the majority of the web. The dark web, a subset of deep web, is anything that is not accessible by standard browsers like Google Chrome or Firefox. Any type of information can reside on the dark web, it's merely dark because of its more limited accessibility.

The dark web attracts users who seek anonymity when conducting business. Motives of such anonymity can be noble, such as with journalists seeking to interview citizens of repressive countries, where communications are monitored. Contrarily, the anonymity of the dark web attracts criminal actors like drug-dealers, hackers, and child pornography peddlers. There is also a growing service economy within the dark web in which hit-men and other illegal operatives advertise their services in ways they could not do over conventional channels. These aspects should be enough for law enforcement agencies in Bangladesh, especially Counter-terrorism and Transnational Crime unit, to seriously keep an eye out on what's happening on the Dark Web. Any negligence would be the serious blunder.

People who are unaware about the mysterious Dark Web may think that complicated coding procedure is required to enter the dark web. Getting to the dark web is actually a lot easier than we might think. It's simply done by downloading a special software named as TOR browser (The Onion Router) which is totally free of cost. The dark web site is different from other website in terms of top level domain suffix. For example, the normal web site address ends with .com or .org but dark web address ends with .onion. 'TOR" servers are undetectable from search engines and offer users complete anonymity while surfing the web. These more secured features of anonymity in dark web attract criminals to perform commit crimes frequently. The dark web has flourished by bitcoin, the crypto-currency that enables two parties to conduct a trusted transaction without knowing each other's identity.

Surprisingly, 23 October, 2019, the BBC launched an .onion version (bbcnewsv2vjtpsuy.onion) of its news website on the TOR anonymizing network aimed at readers based in countries that ban its services. In October 2014, Facebook announced that users could connect to the website through a TOR onion service using the privacy-protecting TOR browser and encrypted using HTTPS. Now anyone with a TOR-enabled internet browser can visit https://facebookcorewwwi.onion/ to get a secure connection to Facebook's servers that provides end-to-end encryption. Ideally, this means that TOR users, some of whom may be using the software to circumvent government restrictions of the internet in places such as China, Iran, will be able to get onto Facebook reliably and without worrying about leaking their identifying information. For instance, if you open a Facebook account from Bangladesh using "facebookcorewwwi.onion"- it can appear that you're in U.S.A. Thus, it will create a safe cyber heaven for hackers and crackers who can fulfill their evil interests.

In Bangladesh, everyday many teenagers are victimized by a group of hackers who use TOR server to hack Facebook account and start blackmailing in different ways. The victims don't get help from the law enforcement agencies because they can't identify hackers. Therefore, it is a right time to take initiatives by law enforcement agencies in Bangladesh to increase surveillance on what is happening on the dark web. Otherwise, militants, terrorists, fundamentalist groups and hackers come back strongly which will be out of control.

Md. Hafez is Assistant Professor, at the School of Business, Ahsanullah University of Science and Technology, Email: hafez_du94@hotmail.com

Link:
Dark Web A cyber heaven of criminal activity - The Financial Express BD

Posted in Tor Browser | Comments Off on Dark Web A cyber heaven of criminal activity – The Financial Express BD

Install the privacy-focused Tor Browser on your Chromebook in 4 simple steps – Chrome Unboxed

Posted: March 24, 2020 at 5:05 am

More and more, security and privacy are becoming important factors for users looking to choose a web browser. While most major browsers such as Chrome, Firefox and Edge will allow users to limit the amount of data that is shared and what traces are left from browsing, that isnt the default behavior. For those wanting a more private browsing experience with the addition of relative anonymity, Tor Browser has become one of the most popular alternatives out there.

Im not that familiar with the internal workings of the Tor Browser but Ive seen a lot of users wanting to install it on their Chromebooks. So, Ive done a little research on how the Tor Browser works and why youd want to use it and threw together a quick tutorial on how to install it on a Linux-enabled Chromebook. First, well cover what Tor is not. The Tor Browser does NOT block ads like browsers such as Brave. The Tor Browser will protect your personal data, browsing history and behavior which will eliminate curated advertising but you will still see ads on websites.

The Tor Browser anonymizes user traffic with a network of circuits that sends as receives encrypted data that essentially hides the source IP. Tor also deletes all site data and cookies when the browser is closed and users can customize how much if any personal data can be utilized by the browser and websites that are accessed. Combined with a VPN like NordVPN, the Tor Browser is a powerful tool to help users stay completely anonymous online. Theres a lot more to the Tor Browser than I care to cover here but Toms Guide has a great breakdown of how Tor works and even how you can host a Tor relay to help expand the entire network.

While Tor may have gained popularity with some of the darker corners of the web, its equally useful for those who are simply concerned about privacy. As a matter of fact, an increasing number of government agencies are using Tor to assist in victim advocacy as the nature of the browser makes cyber-stalking quite difficult. Anyway, were here to figure out how to install the Tor Browser on a Chromebook. So, lets get started.

Shop All The Latest Chromebook Deals

This may be beating a dead horse but I never want to assume that someone reading this has already setup Linux on their Chromebook. If you are new to installing Linux (Beta) on Chrome OS, you can find the quick and simple setup guide here. Now, the Tor Browser doesnt live in the main Buster repository but thats okay. Where theres a will, there is a way and I have a way. You can technically install Tor using the tarball but it gets a little tricky once its unpacked. The method were going to use today only requires four commands in the terminal and then, youll be up and running.

First, we will have to add the repository that contains the Tor Browser. For this, were going to add the Buster backports. Whats a backport? Essentially, Debian backports are packages taken from the next release of the distro. Chrome OS users Debian 10 a.k.a. Buster. The next release, Debian 11, is named Bullseye. The backport for Buster comes from Bullseye. You can add the backports by editing the sources.list with a text editor but the easiest way is to run the following command.

Next, we will update the packages and install the Tor Browser. You can do this as two separate commands or in one single line. For our purposes, I will list the single line that will perform both functions. Paste the following into the terminal and hit enter.

All we have to do now is launch Tor and go through the initial setup. Once youve done this, you will find the desktop icon in your app launcher. Start Tor from the terminal with the following command. If youre a Firefox user, Tor may feel a bit familiar to you as it is built off of the same engine.

Note: If you want to remove the backports after installation, run this command in the terminal. sudo rm /etc/apt/sources.list.d/backports.list

This is another great example of how the addition of Linux apps has exponentially increased the capability of Chrome OS and in turn, opened the door to a wide range of new users. I know Ive said it before but I love tinkering with Crostini. If you have an app youd like me to test out, drop a comment or shoot us an email. I find a lot of these applications by simply poking around the web and looking at what users are trying to do on their Chromebooks. Its awesome to find ways to install and use these apps so users can get the most out of their devices.

Go here to see the original:
Install the privacy-focused Tor Browser on your Chromebook in 4 simple steps - Chrome Unboxed

Posted in Tor Browser | Comments Off on Install the privacy-focused Tor Browser on your Chromebook in 4 simple steps – Chrome Unboxed

NetAbstraction Announces Support for Private and Secure Access to the Dark Web #48955 – New Kerala

Posted: at 5:05 am

NetAbstraction has expanded the number of network egress nodes available to customers to include a TOR egress node, which enables private, secure and isolated access to Dark Web sites via a native Firefox, Google Chrome or Safari browser.

NetAbstraction's malware-protected browsing solution provides end-to-end privacy and security for online research, investigations and Dark Web activities. Leveraging browser isolation technology and NetAbstraction's obfuscated network, customers can isolate their Internet activity to a one-time use Virtual Machine (VM), and insulate their networks and devices from cyber threats, tracking cookies and Internet privacy risks. NetAbstraction's TOR egress node enables customer to browse dark-web sites, in a private and isolated fashion, directly within their native web browser.

For commercial organizations and government agencies interested in performing investigative research, intelligence collection or other activities on the Dark Web, it is clear; simply using the TOR browser does not protect anonymity or local networks from cyber threats. NetAbstraction's Malware Protected Browser solution and disguised network connectivity provide the isolation and network segmentation needed to prevent traceability while operating on the Dark Web.

NetAbstraction Capabilities

NetAbstraction is a cloud-based Network Privacy-as-a-Service offering that makes businesses a difficult target for hackers, search engine optimization companies and adversaries by disguising and dynamically shifting network communications.

NetAbstraction does this by transparently distributing communications within and across multiple clouds, and regularly churning the underlying network infrastructure.

This process obscures enterprise information, origination location and identity, and enables enterprises to confidently conduct secure business on the internet.

Key Features

Interface agnostic currently supporting Lightweight Browser Plugin, OpenVPN, Mobile routers, and Custom User-Defined solutions.Carrier-class network performance enables lossless streaming video and real-time access to all forms of Internet content.Leverages multiple cloud providers for ingress and egress to provide a range of persona management options.NetAbstraction is NOT a Proxy!

Original post:
NetAbstraction Announces Support for Private and Secure Access to the Dark Web #48955 - New Kerala

Posted in Tor Browser | Comments Off on NetAbstraction Announces Support for Private and Secure Access to the Dark Web #48955 – New Kerala

Tor team warns of Tor Browser bug that runs JavaScript on sites it shouldn’t – ZDNet

Posted: March 14, 2020 at 9:48 am

Image: Tor Project

The Tor Project warned users yesterday about a major bug in its browser that may execute JavaScript code on sites that users have specifically blocked JavaScript from running.

Tor developers said they are working on a fix; however, they did not provide a timeline for a patch.

The ability to block JavaScript code execution is a crucial security feature of the Tor Browser Bundle (TBB), a browser with enhanced privacy-preserving features that also masks real IP addresses (locations) to keep users anonymous online.

Because of these features, the browser is often used by journalists, political activities, and dissidents in oppressive countries, as a way to skirt firewalls and online censorship.

In the past, there have been exploits that used JavaScript code to unmask a Tor Browser user's real IP address. Some have been used to target and unmask criminal activities [1, 2], while others were used in mysterious circumstances [1, 2].

Yesterday, the Tor team said they found a bug in TBB's security options. When the browser was configured to use the highest security level (called "Safest"), it still allowed JavaScript code to execute, even if it should have blocked it.

"We are aware of a bug that allows JavaScript execution on the Safest security level (in some situations)," the Tor team said.

"We are working on a fix for this. If you require that JavaScript is blocked, then you may completely disable it."

To completely disable JavaScript execution in the Tor Browser, the Tor team provided the following instructions:

See original here:
Tor team warns of Tor Browser bug that runs JavaScript on sites it shouldn't - ZDNet

Posted in Tor Browser | Comments Off on Tor team warns of Tor Browser bug that runs JavaScript on sites it shouldn’t – ZDNet

Tails 4.4 has been released with new Tor Browser version – Neowin

Posted: at 9:47 am

The Tails OS project has announced the availability of Tails 4.4. The new update doesnt bring any groundbreaking changes but it does fix many security vulnerabilities that were detected since the last update. Some of the main packages to be updated are Tor Browser (9.0.6), Thunderbird (68.5.0), and the Linux kernel (5.4.19). According to the release notes, users are advised to upgrade as soon as possible.

In the past, in-place updates on Tails have been a bit hit-and-miss and users have sometimes been forced to perform a manual upgrade; this time around, those running Tails 4.2, 4.2.2, and 4.3 to 4.4 will be able to perform an automatic upgrade. As soon as you connect to the internet you should be notified that an update is available and be given the option to execute it.

With the new Linux kernel update, newer hardware will be supported. Additionally, an issue has been fixed which prevented those with Realtek RTL8822BE and RTL8822CE chipsets from connecting to the Wi-Fi. The project has requested feedback from users who have experienced Wi-Fi connection issues since Tails 4.1, itd like to know if your issues are now resolved, you can get in touch here.

Tails and the Tor Browser are usually updated a day after Mozilla updates its Firefox web browser, therefore, Tails 4.5s release is already pencilled in for April 7. If youd like to learn more about where the project is headed in the long-term, check out its roadmap.

Link:
Tails 4.4 has been released with new Tor Browser version - Neowin

Posted in Tor Browser | Comments Off on Tails 4.4 has been released with new Tor Browser version – Neowin

The Tor team reports a Tor browser error that runs JavaScript in places that it should not – Mash Viral

Posted: at 9:47 am

Image: Project Tor

The Tor project yesterday warned users about a major browser bug that could execute JavaScript on sites that were specifically blocked by users from running JavaScript.

Tor developers said they are working on a solution; however, they did not provide a timeline for a patch.

The ability to block JavaScript execution is a crucial security feature of the Tor Bundle Bundle (TBB), a browser with improved privacy protection features that also masks actual IP addresses (locations) to keep users anonymous. line.

Because of these features, the browser is often used by journalists, political activities and dissidents in oppressive countries, as a way to protect firewalls and online censorship.

In the past, there have been efforts that used JavaScript to mask the actual IP address of a Tor browser user. Some have been used to target and unmask criminal activities (1, 2), while others have been used in mysterious circumstances (1, 2).

Yesterday, Tors team said they found an error in TBBs security options. When the browser was configured to use the highest level of security (called safest), it still allowed JavaScript to run, even if it should have been blocked.

Image: ZDNet

We are aware of a bug that allows JavaScript to be run at the most secure level (in some situations), said Tors team.

We are working to fix this. If you need JavaScript to be blocked, you may need to disable it completely.

To completely disable JavaScript in the Tor browser, the Tor team provided the following instructions:

Link:
The Tor team reports a Tor browser error that runs JavaScript in places that it should not - Mash Viral

Posted in Tor Browser | Comments Off on The Tor team reports a Tor browser error that runs JavaScript in places that it should not – Mash Viral

Want to browse the web privately? Heres how to do it for real – Yahoo Tech

Posted: at 9:47 am

When it comes to browsing the Web without leaving a trail, there is a lot of noise out there. Advice varies from getting a VPN to disabling cookies, to utilizing the Private Browsing mode within the browser of your choice. But which of these tools actually work? And how do they work? The truth is, different tools prevent different kinds of tracking.

There are other methods, but these are the main tracking tools as of this writing. Knowing which privacy tools to use depends on which of these things youre concerned about. Lets go through all the different tools you can use to browse the Web privately, and go over what they do and dont do to protect your privacy.

What itdoes: Opens a new browser session that isnt signed into any accounts and doesntutilizecookies. Activity in private browsing mode is also not added to your browser history.

What itdoesnt do: Stop sites from tracking your IP address.

Your Web browser keeps track of every site you visit, and stores a complete list of those sites in your browser history. This can be a very useful tool for finding back websites youve visited, and its also used to populate the auto-suggestions you see every time you start typing a URL.

private-browsing-incognito

Sometimes, however, you might want to browse the Web without your browser keeping track of all your activities. Thats where Private Browsing comes in.

This feature has different names on different browsers on Chrome, its called Incognito Mode, on Internet Explorer, its called InPrivate but acts basically the same on all of them. A new browser window opens, and none of your activity in that window is added to your browser history. Any accounts youre signed into in your other browser windows are not signed into in the Private Browsing window, meaning you cant be tracked as a user of those sites. And your cookies are not visible while using Private Browsing, meaning sites cannot track you this way.

private-browsing-firefox

So, Private Browsing mode does quite a few things if you want to quickly browse the Web without being tracked by your accounts or by cookies. However, it does not obscure your IP address. Any site you visit can still keep a record of your IP address, which could, in turn, be used to identify you.

Story continues

What itdoes: Kindly asks sites if they will not track you.

What it doesnt do: Actually stop sites from tracking you.

Dig through your browsers settings and youll find the option to turn on something called Do Not Track. You might think that turning this on will prevent sites from tracking you entirely, but sadly, thats not the case.Do Not Track is something thats a great idea in theory, but one that hasnt worked well in practice.

The idea was to give browsers an optional setting where users could state that theyre not comfortable being tracked. Sites would agree not to track such users, giving users just a bit more control over their information.

Unfortunately, the list of sites that respect Do Not Trackis laughably small. Turning this feature on doesnt hurt in terms of hiding your identity, but it also wont help much.

ghostery-tracking-block

There are alternatives to Do Not Track that actually block trackers, the most famous of which areGhosteryandPrivacy Badger. These are browser extensions that show you which services are tracking your Web traffic on any given page, and give you the power to block trackers at will.

What theydo: Obscure your IP address and encrypt your traffic.

What they dont (necessarily) do: Stop your traffic from being logged by the VPN itself, or by any sites youre signed into. Stop you from being tracked by cookies, user accounts, or your user agent string.

You cant use the Web without an IP address, as sites would not know where to send the information you request, thus breaking your Internet connection. That said,you can obscure your IP address using a VPN service. AVPN, or Virtual Private Network, routes all of your Internet through another computer. This means that, so far as the sites you visit are concerned, your IP is that of your VPN. Because thousands of other VPN users are also using the same IP address, anyone trying to trace your activity cant do so using your IP alone.

This isnt a solution to all potential tracking, however. If youre logged into Google, for example, that company will be able to track your activity using your account. Furthermore, using a VPN does nothing to protect you from being tracked by cookies, or your user agent string.

Its also worth noting that not all VPNs are created equal. Some have publicly committed to not keeping logs of their users activity, while others have not. There have also been security problems that have revealed useridentities on more than a few major VPNs.

Some easy-to-use services that currently have strong security reputations includeNordVPNandPrivate Internet Access, but ultimately its up to each user to decide which services they trust. Do your homework before routing all of your traffic through any of these services.

What itdoes: Routes your traffic through other users computers.

What it doesnt do: Keep you anonymousoutside the TOR browser.

Using a VPN is just one option for obscuring your IP address.TOR is another. Theservice encrypts your traffic, and your IP address, before routing it through three randomly selected exit nodes. Everything is also re-encrypted at every step, making it nearly impossible for your Web traffic to be traced.

To get started, youll need todownload the TOR browser, which is a modified version of Firefox. Use the browser when you want to avoid being tracked by your IP address.

Government agencies and hackers have occasionally managed to trace someones traffic over TOR, but so far, the problem has usually turned out to be related to user activity. For this reason, TOR also recommends that you do the following.

Using TOR to browse the Web is probably the simplest way to ensure your security, particularly if you only use it in situations when security is a must. There are ways your traffic can be traced through it, but that usually boils down to user error. Its probably a good idea to only use TOR when its important to be anonymous, and use another browser for day-to-day computing.

As you can tell, there are many different ways you can keep yourself anonymous if you combine the proper tools.Here are just a few examples:

Any of these setups can go a long way toward making your Web activitiescompletely anonymous.

Of course, theres always more you can do. For example, you could switch from Google which famously tracks your search activity to DuckDuckGo, which doesnt. Moreover, if youre using an unencrypted Wi-Fi connection, anyone nearby can sniff out your traffic and get a very good idea of what youre up to online. Make sure your router is set up to encrypt your traffic, and be sure to browse only through a VPN when you must use an unencrypted connection.

The Internet was never designed for anonymous usage, which makesstayinganonymous online a good dealof work. The above tools are a great starting point, but remaininganonymous in the long termdepends on whether you keep up with the latest security news and ensure your software is up to date.Good luck, and stay safe out there!

Continue reading here:
Want to browse the web privately? Heres how to do it for real - Yahoo Tech

Posted in Tor Browser | Comments Off on Want to browse the web privately? Heres how to do it for real – Yahoo Tech

Page 3«..2345..1020..»