BTC $60655.4951
ETH $3360.7632
BNB $571.3121
SOL $134.9947
stETH $3357.3374
XRP $0.4760
TON $7.5547
DOGE $0.1221
ADA $0.3892
wstETH $3933.4365
TRX $0.1208
WETH $3361.5880
AVAX $25.1197
WBTC $60819.9962
LINK $13.8833
DOT $5.8026
UNI $9.4317
BCH $371.6624
MATIC $0.5684
weETH $3496.2608
DAI $1.0015
LTC $70.5618
PEPE $0.0000
FET $1.6798
RNDR $7.6967
BSC-USD $0.9984
ICP $8.0973
CAKE $2.1400
KAS $0.1543
USDE $1.0004
ezETH $3394.4397
ETC $23.3487
NEAR $5.5289
APT $6.9055
IMX $1.5454
XMR $162.9883
HBAR $0.0783
FDUSD $1.0005
FIL $4.3895
OKB $41.2630
MNT $0.7568
ONDO $1.1969
STX $1.5913
ENS $22.9679
ATOM $6.9650
INJ $23.1544
LDO $2.4218
BTC $60655.4951
ETH $3360.7632
BNB $571.3121
SOL $134.9947
stETH $3357.3374
XRP $0.4760
TON $7.5547
DOGE $0.1221
ADA $0.3892
wstETH $3933.4365
TRX $0.1208
WETH $3361.5880
AVAX $25.1197
WBTC $60819.9962
LINK $13.8833
DOT $5.8026
UNI $9.4317
BCH $371.6624
MATIC $0.5684
weETH $3496.2608
DAI $1.0015
LTC $70.5618
PEPE $0.0000
FET $1.6798
RNDR $7.6967
BSC-USD $0.9984
ICP $8.0973
CAKE $2.1400
KAS $0.1543
USDE $1.0004
ezETH $3394.4397
ETC $23.3487
NEAR $5.5289
APT $6.9055
IMX $1.5454
XMR $162.9883
HBAR $0.0783
FDUSD $1.0005
FIL $4.3895
OKB $41.2630
MNT $0.7568
ONDO $1.1969
STX $1.5913
ENS $22.9679
ATOM $6.9650
INJ $23.1544
LDO $2.4218
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • The results of the security audit show that Tor Browser passed the tough test.

    In-depth analysis: what Tor security holes were found?

    The creators of Tor Browser, a popular tool for browsing the Internet anonymously, have made the results of a full security audit public. The main projects that were checked out were Tor Browser, OONI Probe, rdsys, BridgeDB, and Conjure. From November 2022 to April 2023, the review was done by experts from Cure53.

    Nine security holes were found during the scan. Two of these vulnerabilities were seriously flawed, one was thought to be moderately dangerous, and the other six were deemed minor. Ten technical flaws that were not directly related to security issues were also found. But it has been found that the Tor code follows the rules for safe programming.

    Most important weaknesses:

    1. The first rdsys vulnerability that could be dangerous: A weakness was found in the rdsys backend, which sends resources like proxy lists and download links to users. When trying to get to the resource registration handler, there wasn't enough authentication. This made it possible for the attacker to list his harmful resource and let users use it. By sending an HTTP request to the rdsys handler, the flaw could be taken advantage of.
    2. The second dangerous flaw in Tor Browser had to do with the fact that digital signatures weren't being checked when rdsys and BridgeDB loaded a list of bridges. Since this list is loaded before connecting to the Tor anonymous network, attackers could change what's on it by, say, interfering with the connection. This could mean that users connect through bridge nodes that have been hacked and are now controlled by the attacker.
    3. Medium severity vulnerability in rdsys: A weakness was found in the rdsys subsystem in the script for setting up the assembly. As long as the attacker had access to the server and could write to the temporary files directory, he could change his account from user nobody to user rdsys. To take advantage of the flaw, the executable file in the /tmp directory must be replaced. If an attacker gets access to the rdsys user account, they can change executable files that are run through rdsys.
    4. Low-Severity Vulnerabilities: Most of them were caused by using old libraries that had known vulnerabilities or the chance of denial of service. For example, Tor Browser could get around blocking JavaScript when the security level was set to the highest level. It also didn't limit file downloads and let information leak through the user's home page, which meant that users could be tracked between restarts.

    Everything that could go wrong has been fixed so far. Extra safety measures have also been put in place, such as authentication for all rdsys components and checking digital signatures when adding lists to the Tor Browser.

    Along with fixing 19 vulnerabilities, a new version of Tor Browser 13.0.1 was released. It was based on Firefox 115.4.0 ESR. Fixed security holes in Firefox branch 119 have been moved to Tor Browser 13.0.1 for Android.

    Author reign3d
    Can You Hire a Hitman on the Dark Web? Here’s What You Need to Know
    Comprehensive Guide on the Jobs You’ll Find on the Dark Web – How to Get a Job

    Comments 0

    Add comment