Hasta La Gadget!

Since the revelations about NSA spying came to the surface earlier this summer, everybody’s paying a little bit more attention to their privacy online. That’s good news for Tor, a suite of software and network of computers that enables you to use the internet anonymously. And for anyone who uses it.

Read more…

An attack against Tor Browser users on Windows machines was discovered this Sunday, and there is speculation that the uncovered malware was used by a law enforcement agency to harvest the IP addresses of users of several hidden services hosted by Freedom Hosting. The malware exploits a serious JavaScript security vulnerability affecting Firefox and other products that share the same code base, including the Tor Browser.

Read more…

It was just over two years ago that the paragon of internet privacy, the Tor project, decided to build its own browser by forking Firefox. Wired reports that an exploit of that very same browser has been recently discovered that allowed a number of users’ Windows computers to be infected with malware. Once installed, the code delivered infected machines’ hostnames and MAC addresses to a remote web server in Reston, Virginia, a city located just outside Washington D.C. The browser exploit — a JavaScript vulnerability inherent to Firefox version 17, the version upon which the Tor browser was built — was enabled by a breach of Freedom Hosting servers. In this case, affected Freedom Hosting servers delivered web pages to users with the JavaScript exploit embedded in them.

There’s no direct evidence that the malware comes from the government, but the malware’s command and control IP address is registered to a governmental defense contractor. Plus, the data pulled from infected machines indicates it could be an example of the FBI’s computer and internet protocol address verifier (CIPAV) software first identified by Wired in 2007. CIPAV has been used by the FBI to help identify and catch terrorists, hackers and criminals since 2002, but the exact nature of the software has never been revealed. Regardless, the vulnerability in the browser has been identified and fixed, so users need only update to the newest version of the Tor browser to keep their web traffic away from prying eyes… for now, at least.

Update: To be clear, the Firefox exploit in question was fixed, along with the Tor browser well over a month ago, and any users who have updated since June 26th were not affected.

Filed under: Internet

Comments

Via: Wired

Source: Tor Project, Tor Blog

Over the weekend, security researchers noticed some strange activity happening on the Tor network, an anonymous "darknet" used for everything from private browsing to selling drugs. Some hacker appeared to be using custom-made malware to identify its users. But according to Wired‘s sources, this was no hacker. It was the FBI.

Read more…

Adafruit Industries has put together a weekend project for people worried the NSA is monitoring how many reruns of Seinfeld they watch on their tablet. The Onion Pi Tor Proxy is a weekend project that uses the Raspberry Pi microcomputer, along with a USB WiFi adapter and Ethernet cable to create “a small, low-power and portable privacy Pi” for using with portable or other computing devices (e.g. your work laptop) that can’t otherwise run the anonymising Tor network.

In the Onion Pi configuration, the Pi creates a secure access point which automatically routes any web browsing through Tor’s distributed network of relays. The Tor network is designed to disrupt web surveillance by preventing web snoopers from learning which sites you visit, and also the sites you visit from learning your physical location. It does this by ensuring every Internet packet goes through three layers of relays before going on to its intended destination. Hence Tor’s many layered onion motif.

Adafruit says the Onion Pi is good for those who…

…want to browse anonymously on a netbook, tablet, phone, or other mobile or console device that cannot run Tor and does not have an Ethernet connection. If you do not want to or cannot install Tor on your work laptop or loan computer. If you have a guest or friend who wants to use Tor but doesn’t have the ability or time to run Tor on their computer, this gift will make the first step much easier.

Getting the Onion Pi access point up and running means plugging the Ethernet cable into any Internet access point and powering up the Pi via its micro USB cable plugged into your laptop/the wall adapter. The Pi will then create the Onion Pi access point. Connect to that for a less NSA-friendly browsing session.

That said, Adafruit’s Onion Pi page does contain caveats regarding exactly how anonymous this set-up is — noting: “We can’t guarantee that it is 100% anonymous and secure! Be smart & paranoid about your TOR usage.”

Other Adafruit tips for keeping your web browsing on the down-low include:

• deleting and blocking your browser cache, history & cookies — and/or using a browser that offers anonymous sessions
• avoiding logging into existing accounts with personally identifying information
• using SSL to end-to-end encrypt communications —  NSA whistleblower Edward Snowden has also said encryption works