BTC $58270.6324
ETH $3301.4664
BNB $400.6794
SOL $110.0515
XRP $0.5824
ADA $0.6271
AVAX $39.6830
DOGE $0.0970
TRX $0.1429
wstETH $3808.1443
DOT $8.3586
LINK $19.1334
WETH $3305.4834
MATIC $1.0428
UNI $11.0186
WBTC $57881.0446
IMX $3.3465
ICP $13.0316
BCH $301.2119
LTC $74.8427
CAKE $3.2026
ETC $28.3635
FIL $7.9610
LEO $4.4139
RNDR $7.4060
KAS $0.1700
HBAR $0.1136
DAI $1.0002
ATOM $11.3163
INJ $41.0291
VET $0.0502
TON $2.1419
OKB $51.8401
STX $3.2222
LDO $3.5190
FDUSD $0.9951
XMR $138.3902
XLM $0.1221
ARB $1.8935
NEAR $3.9358
TIA $16.9317
GRT $0.2829
WEMIX $2.2582
ENS $22.5313
MKR $2167.8555
APEX $2.4646
THETA $1.9298
BTC $58270.6324
ETH $3301.4664
BNB $400.6794
SOL $110.0515
XRP $0.5824
ADA $0.6271
AVAX $39.6830
DOGE $0.0970
TRX $0.1429
wstETH $3808.1443
DOT $8.3586
LINK $19.1334
WETH $3305.4834
MATIC $1.0428
UNI $11.0186
WBTC $57881.0446
IMX $3.3465
ICP $13.0316
BCH $301.2119
LTC $74.8427
CAKE $3.2026
ETC $28.3635
FIL $7.9610
LEO $4.4139
RNDR $7.4060
KAS $0.1700
HBAR $0.1136
DAI $1.0002
ATOM $11.3163
INJ $41.0291
VET $0.0502
TON $2.1419
OKB $51.8401
STX $3.2222
LDO $3.5190
FDUSD $0.9951
XMR $138.3902
XLM $0.1221
ARB $1.8935
NEAR $3.9358
TIA $16.9317
GRT $0.2829
WEMIX $2.2582
ENS $22.5313
MKR $2167.8555
APEX $2.4646
THETA $1.9298
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • The results of the security audit show that Tor Browser passed the tough test.

    In-depth analysis: what Tor security holes were found?

    The creators of Tor Browser, a popular tool for browsing the Internet anonymously, have made the results of a full security audit public. The main projects that were checked out were Tor Browser, OONI Probe, rdsys, BridgeDB, and Conjure. From November 2022 to April 2023, the review was done by experts from Cure53.

    Nine security holes were found during the scan. Two of these vulnerabilities were seriously flawed, one was thought to be moderately dangerous, and the other six were deemed minor. Ten technical flaws that were not directly related to security issues were also found. But it has been found that the Tor code follows the rules for safe programming.

    Most important weaknesses:

    1. The first rdsys vulnerability that could be dangerous: A weakness was found in the rdsys backend, which sends resources like proxy lists and download links to users. When trying to get to the resource registration handler, there wasn't enough authentication. This made it possible for the attacker to list his harmful resource and let users use it. By sending an HTTP request to the rdsys handler, the flaw could be taken advantage of.
    2. The second dangerous flaw in Tor Browser had to do with the fact that digital signatures weren't being checked when rdsys and BridgeDB loaded a list of bridges. Since this list is loaded before connecting to the Tor anonymous network, attackers could change what's on it by, say, interfering with the connection. This could mean that users connect through bridge nodes that have been hacked and are now controlled by the attacker.
    3. Medium severity vulnerability in rdsys: A weakness was found in the rdsys subsystem in the script for setting up the assembly. As long as the attacker had access to the server and could write to the temporary files directory, he could change his account from user nobody to user rdsys. To take advantage of the flaw, the executable file in the /tmp directory must be replaced. If an attacker gets access to the rdsys user account, they can change executable files that are run through rdsys.
    4. Low-Severity Vulnerabilities: Most of them were caused by using old libraries that had known vulnerabilities or the chance of denial of service. For example, Tor Browser could get around blocking JavaScript when the security level was set to the highest level. It also didn't limit file downloads and let information leak through the user's home page, which meant that users could be tracked between restarts.

    Everything that could go wrong has been fixed so far. Extra safety measures have also been put in place, such as authentication for all rdsys components and checking digital signatures when adding lists to the Tor Browser.

    Along with fixing 19 vulnerabilities, a new version of Tor Browser 13.0.1 was released. It was based on Firefox 115.4.0 ESR. Fixed security holes in Firefox branch 119 have been moved to Tor Browser 13.0.1 for Android.

    Author reign3d
    Can You Hire a Hitman on the Dark Web? Here’s What You Need to Know
    Comprehensive Guide on the Jobs You’ll Find on the Dark Web – How to Get a Job

    Comments 0

    Add comment