BTC $57127.6948
ETH $2317.6865
BNB $533.4933
SOL $132.7078
XRP $0.5357
stETH $2342.4528
DOGE $0.1016
TRX $0.1532
TON $5.3155
ADA $0.3471
wstETH $2734.6891
AVAX $23.4381
WBTC $57159.0035
WETH $2329.2558
BCH $337.2948
LINK $10.4424
UNI $6.9097
DOT $4.1583
DAI $1.0000
LTC $61.7115
KAS $0.1672
ICP $8.6656
BSC-USD $0.9924
FET $1.3307
XMR $171.3137
CAKE $1.7281
PEPE $0.0000
APT $6.0999
ETC $18.5370
USDE $0.9987
FDUSD $0.9920
IMX $1.2573
SUI $0.9090
NEAR $3.9946
STX $1.5851
OKB $39.1991
RNDR $5.7781
AAVE $149.0399
POL $0.3764
FIL $3.6028
TAO $281.1944
XLM $0.0927
HBAR $0.0501
INJ $18.7793
MNT $0.5585
VET $0.0217
MATIC $0.3817
BTC $57127.6948
ETH $2317.6865
BNB $533.4933
SOL $132.7078
XRP $0.5357
stETH $2342.4528
DOGE $0.1016
TRX $0.1532
TON $5.3155
ADA $0.3471
wstETH $2734.6891
AVAX $23.4381
WBTC $57159.0035
WETH $2329.2558
BCH $337.2948
LINK $10.4424
UNI $6.9097
DOT $4.1583
DAI $1.0000
LTC $61.7115
KAS $0.1672
ICP $8.6656
BSC-USD $0.9924
FET $1.3307
XMR $171.3137
CAKE $1.7281
PEPE $0.0000
APT $6.0999
ETC $18.5370
USDE $0.9987
FDUSD $0.9920
IMX $1.2573
SUI $0.9090
NEAR $3.9946
STX $1.5851
OKB $39.1991
RNDR $5.7781
AAVE $149.0399
POL $0.3764
FIL $3.6028
TAO $281.1944
XLM $0.0927
HBAR $0.0501
INJ $18.7793
MNT $0.5585
VET $0.0217
MATIC $0.3817
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • The results of the security audit show that Tor Browser passed the tough test.

    In-depth analysis: what Tor security holes were found?

    The creators of Tor Browser, a popular tool for browsing the Internet anonymously, have made the results of a full security audit public. The main projects that were checked out were Tor Browser, OONI Probe, rdsys, BridgeDB, and Conjure. From November 2022 to April 2023, the review was done by experts from Cure53.

    Nine security holes were found during the scan. Two of these vulnerabilities were seriously flawed, one was thought to be moderately dangerous, and the other six were deemed minor. Ten technical flaws that were not directly related to security issues were also found. But it has been found that the Tor code follows the rules for safe programming.

    Most important weaknesses:

    1. The first rdsys vulnerability that could be dangerous: A weakness was found in the rdsys backend, which sends resources like proxy lists and download links to users. When trying to get to the resource registration handler, there wasn't enough authentication. This made it possible for the attacker to list his harmful resource and let users use it. By sending an HTTP request to the rdsys handler, the flaw could be taken advantage of.
    2. The second dangerous flaw in Tor Browser had to do with the fact that digital signatures weren't being checked when rdsys and BridgeDB loaded a list of bridges. Since this list is loaded before connecting to the Tor anonymous network, attackers could change what's on it by, say, interfering with the connection. This could mean that users connect through bridge nodes that have been hacked and are now controlled by the attacker.
    3. Medium severity vulnerability in rdsys: A weakness was found in the rdsys subsystem in the script for setting up the assembly. As long as the attacker had access to the server and could write to the temporary files directory, he could change his account from user nobody to user rdsys. To take advantage of the flaw, the executable file in the /tmp directory must be replaced. If an attacker gets access to the rdsys user account, they can change executable files that are run through rdsys.
    4. Low-Severity Vulnerabilities: Most of them were caused by using old libraries that had known vulnerabilities or the chance of denial of service. For example, Tor Browser could get around blocking JavaScript when the security level was set to the highest level. It also didn't limit file downloads and let information leak through the user's home page, which meant that users could be tracked between restarts.

    Everything that could go wrong has been fixed so far. Extra safety measures have also been put in place, such as authentication for all rdsys components and checking digital signatures when adding lists to the Tor Browser.

    Along with fixing 19 vulnerabilities, a new version of Tor Browser 13.0.1 was released. It was based on Firefox 115.4.0 ESR. Fixed security holes in Firefox branch 119 have been moved to Tor Browser 13.0.1 for Android.

    Author reign3d
    Can You Hire a Hitman on the Dark Web? Here’s What You Need to Know
    Comprehensive Guide on the Jobs You’ll Find on the Dark Web – How to Get a Job

    Comments 0

    Add comment