BTC $99830.5817
ETH $4000.6021
XRP $2.6105
SOL $238.5568
BNB $750.0325
DOGE $0.4538
ADA $1.2137
stETH $3996.3142
TRX $0.3190
AVAX $51.6627
wstETH $4752.7832
TON $6.8025
UNI $18.1025
WBTC $99571.0079
DOT $10.6186
LINK $24.7921
WETH $4049.4968
HBAR $0.3314
SUI $4.2613
BCH $608.3109
PEPE $0.0000
XLM $0.5050
LTC $133.7468
NEAR $7.7396
APT $14.5825
ICP $14.7073
FET $2.0670
ETC $37.2497
POL $0.7006
CRO $0.2031
VET $0.0667
DAI $0.9995
RENDER $10.2805
BSC-USD $1.0002
TAO $698.2496
ARB $1.1650
FIL $7.8325
KAS $0.1848
USDE $1.0015
BGB $2.7231
AAVE $282.4296
ALGO $0.5111
IMX $2.0726
STX $2.6584
ATOM $10.1949
ONDO $1.6799
MNT $1.1608
BTC $99830.5817
ETH $4000.6021
XRP $2.6105
SOL $238.5568
BNB $750.0325
DOGE $0.4538
ADA $1.2137
stETH $3996.3142
TRX $0.3190
AVAX $51.6627
wstETH $4752.7832
TON $6.8025
UNI $18.1025
WBTC $99571.0079
DOT $10.6186
LINK $24.7921
WETH $4049.4968
HBAR $0.3314
SUI $4.2613
BCH $608.3109
PEPE $0.0000
XLM $0.5050
LTC $133.7468
NEAR $7.7396
APT $14.5825
ICP $14.7073
FET $2.0670
ETC $37.2497
POL $0.7006
CRO $0.2031
VET $0.0667
DAI $0.9995
RENDER $10.2805
BSC-USD $1.0002
TAO $698.2496
ARB $1.1650
FIL $7.8325
KAS $0.1848
USDE $1.0015
BGB $2.7231
AAVE $282.4296
ALGO $0.5111
IMX $2.0726
STX $2.6584
ATOM $10.1949
ONDO $1.6799
MNT $1.1608
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • The results of the security audit show that Tor Browser passed the tough test.

    In-depth analysis: what Tor security holes were found?

    The creators of Tor Browser, a popular tool for browsing the Internet anonymously, have made the results of a full security audit public. The main projects that were checked out were Tor Browser, OONI Probe, rdsys, BridgeDB, and Conjure. From November 2022 to April 2023, the review was done by experts from Cure53.

    Nine security holes were found during the scan. Two of these vulnerabilities were seriously flawed, one was thought to be moderately dangerous, and the other six were deemed minor. Ten technical flaws that were not directly related to security issues were also found. But it has been found that the Tor code follows the rules for safe programming.

    Most important weaknesses:

    1. The first rdsys vulnerability that could be dangerous: A weakness was found in the rdsys backend, which sends resources like proxy lists and download links to users. When trying to get to the resource registration handler, there wasn't enough authentication. This made it possible for the attacker to list his harmful resource and let users use it. By sending an HTTP request to the rdsys handler, the flaw could be taken advantage of.
    2. The second dangerous flaw in Tor Browser had to do with the fact that digital signatures weren't being checked when rdsys and BridgeDB loaded a list of bridges. Since this list is loaded before connecting to the Tor anonymous network, attackers could change what's on it by, say, interfering with the connection. This could mean that users connect through bridge nodes that have been hacked and are now controlled by the attacker.
    3. Medium severity vulnerability in rdsys: A weakness was found in the rdsys subsystem in the script for setting up the assembly. As long as the attacker had access to the server and could write to the temporary files directory, he could change his account from user nobody to user rdsys. To take advantage of the flaw, the executable file in the /tmp directory must be replaced. If an attacker gets access to the rdsys user account, they can change executable files that are run through rdsys.
    4. Low-Severity Vulnerabilities: Most of them were caused by using old libraries that had known vulnerabilities or the chance of denial of service. For example, Tor Browser could get around blocking JavaScript when the security level was set to the highest level. It also didn't limit file downloads and let information leak through the user's home page, which meant that users could be tracked between restarts.

    Everything that could go wrong has been fixed so far. Extra safety measures have also been put in place, such as authentication for all rdsys components and checking digital signatures when adding lists to the Tor Browser.

    Along with fixing 19 vulnerabilities, a new version of Tor Browser 13.0.1 was released. It was based on Firefox 115.4.0 ESR. Fixed security holes in Firefox branch 119 have been moved to Tor Browser 13.0.1 for Android.

    Author reign3d
    Can You Hire a Hitman on the Dark Web? Here’s What You Need to Know
    Comprehensive Guide on the Jobs You’ll Find on the Dark Web – How to Get a Job

    Comments 0

    Add comment