Feds Caught the Silk Road Mastermind With… A Google Search

"Dread Pirate Roberts," the mastermind behind the online drug market Silk Road, seemed like a smart dude. He amassed a multimillion dollar fortune in drug money in just a few years! And he did it using the deep web and cryptocurrency usually associated with sophisticated cybercrime. But if 30-year-old self-styled "Robert Pattinson lookalike" Ross Ulbricht is found guilty of being the Dread Pirate Roberts, he will have revealed his identity in a remarkably unsophisticated way. A federal agent says he pinned the Silk Road on Ulbricht with a simple Google search.

In court on Thursday, special agent Gary Alford described how he googled the Silk Road's original Tor browser address and looked at the earliest results, Motherboard reported today. You can't access Tor websites through Google, but you can see when people discussed their URLs. This led him to a post in a Bitcoin forum by someone called "altoid" trying to attract people to the Silk Road back when it was starting out. Alford looked through the posts by "altoid" and saw that rossulbricht@gmail.com, Ulbricht's personal email address, turned up in his posts. He took screenshots of the damning search.

If the prosecution's evidence is true, Ulbricht sucked SO BAD at keeping his identity a secret. He got tied to the site using literally the most basic Google search imaginable. And he left a veritable treasure trove of evidence, including a friggin diary of his internal turmoil regarding his burgeoning drug empire, on his computer.

The Silk Road trial has covered a broad swath of internet culture, with the Tor Browser, emoticons, Bitcoin, and now Google search playing significant roles in the proceedings.

And screenshots could have an important legacy in this case. Alford presented the screenshots of his Google search as evidence, which is noteworthy because screenshots are on shaky ground as legitimate evidence, something Ulbricht's defense will surely pounce on. In United States v. Vayner last year, a court ruled that screenshots couldn't be used as evidence, since it's so easy to alter images or just outright fake them. Unless Alford and the prosecution have a way to verify that they're unaltered, the defense may try to invalidate this connection in the eyes of the jury.

If the screenshots are taken as legitimate and Ulbricht gets convicted partly because of the screenshot evidence, it'll set a precedent for how screenshots are treated in courtrooms in the future. So this Google search isn't just a potential smoking gun; it could have lasting repercussions on the legal system. [Motherboard]

Tor Browser Full Version Download For Android

Tor Browser is a secure application that allows you to surf anonymously. Navigation and data exchange over a network is made via encrypted connections between computers. For electronic mail, an encrypted channel is used to guard against any possible interception by third parties. Since it is portable, Tor Browser requires no installation and can run on a USB key.

Tor Browser Bundle for Mac is a package that installs and manages the Tor project software on your Mac. Tor allows you to hide your identity and prevent IP address-tracking back to your device. The Tor Browser Bundle for Mac comprises a number of files, but it's easy enough to install.

Tor uses a set of servers around the world, most maintained by individuals, that reroute your URL request through two, three, or more different servers in an attempt to make your path from your Mac to the destination URL difficult to track back. Each hop in the Tor network hides your IP address a bit more, and after three hops it is very difficult for the destination device to know where the connection originated from. This effectively hides your IP address. Of course, the problem is the more hops, the longer it takes for traffic to route between the end URL and your machine, so Tor is a slower way of accessing the Internet. The Tor Browser Bundle for Mac is from the Tor project and includes files saying how to set up and use Tor. There's a set of videos on the Tor project Web site to help you get everything working properly, regardless of the browser you ultimately use.

Mozilla puts old hardware to new use, runs Tor relays

The organization opted for running middle relays, although exit relays would have probably helped the anonymity network more

Mozilla has dusted off some decommissioned servers and networking gear and used them to set up high-speed relays on the Tor anonymity network.

The plan to run Tor relays was revealed in November, when the software developer announced its Polaris Privacy Initiative, a collaboration with other non-profit organizations to enhance privacy on the Web.

One of those organizations was the Tor Project, which develops the client and server software for the Tor anonymity network. As part of the partnership, Mozilla said that it will make some changes in Firefox to ease the work of Tor Project developers who maintain the Tor Browser, a modified version of Firefox that allows users to access the Web through the Tor network.

The organization also said at the time that it will host its own "high-capacity Tor middle relays to make Tor's network more responsive and allow Tor to serve more users."

On Wednesday, Mozilla announced that its prototype Tor relays are up and running on three HP ProLiant SL170z G6 servers connected to a pair of Juniper EX4200 switches that benefit from two 10Gbps uplinks through one of the organization's transit providers.

"The current design is fully redundant," Mozilla network engineer Arzhel Younsi said in a blog post that contains more details about the project. "This allows us to complete maintenance or have node failure without impacting 100% of traffic. The worst case scenario is a 50% loss of capacity."

The relays currently run outside of Mozilla's production infrastructure, but the organization's security team helped lock them down with strict firewall filtering, operating system hardening, automatic updates, network device management and more.

"We've also implemented a periodic security check to be run on these systems," Younsi said. "All of them are scanned from inside for security updates and outside for opened ports."

The Tor network has three main types of relays, or nodes: middle relays, exit relays and bridges. Internet traffic routed through the Tor network will randomly pass through at least three Tor relays before it exits back onto the Internet to reach its final destination.

Amazon.com: Tor Browser: Appstore for Android

All Ages

Based on information provided by the developer, the content of this application has material that is appropriate for all users and contains no objectionable content or advertisements.

Based on information provided by the developer, the content of this application has material that is appropriate for most users. The app may include account creation, location detection, user generated content, advertisements, infrequent or mild references to violence, profanity, or crude themes, or other content not suitable for all ages.

Based on information provided by the developer, the content of this application has material that is only appropriate for mature users. The app may include account creation, location detection, user generated content, advertisements, explicit references to or images of drugs, alcohol, tobacco, graphic violence, profanity, or crude humor, mild sexual and suggestive themes, nudity within medical, informational, or artistic contexts, simulated gambling, or other content only suitable for mature audiences.

Based on information provided by the developer, the content of this application has material that is only appropriate for adults. The app may include account creation, location detection, user generated content, advertisements, explicit references to or images of drugs, alcohol, tobacco, graphic violence, profanity, or crude humor, sexual and suggestive themes, nudity, simulated gambling, or other content only suitable for adult audiences.

This application contains content that is downloading real-time, based on inputs from the user or developer. The maturity rating associated with this application pertains only to the static elements of the application and does not cover any dynamic information (e.g. websites, friend postings, tweets). Dynamic content is defined as any content that may change within the application. Content can include animations, video or audio.

Silk Road Judge: Tor Browser Is "Mumbo-Jumbo To Most People On The Jury Right Now"

Illustrations by Susie Cagle.

The Silk Road trial is a high-tech case of nearly inscrutable levels, and prosecutors are grappling with the burden of having to explain cryptographic technologies to a jury whose demographics lean away from technological sophistication. As Judge Katherine Forrest explained to them on Tuesday, the jury need not have any technical expertise to rule on the issues at trial, since everything they need ought to be presented to them in court. But the prosecution, although not for lack of effort, seems to be falling short of making sense to the jurors.

In a conference with the attorneys on Wednesday, before the jury entered the courtroom, Judge Forrest complained about the prosecution's explanation of Tor. "What [the Tor Browser] is, I think, is mumbo-jumbo to most people on the jury right now. There's room for clarity, here."

Quite early on in the pre-trial process, the judge had asked for the two sides to come up with a glossary of technical terms. But in the end, the prosecution and the defense could not reach an agreement on how the terms should be defined. Although the exact substance and the extent of their disagreement is yet unknown, the filings do show that they often sparred over whether to characterize Bitcoin as a currency (a term favored by the prosecution) or as a payments system (favored by Ross Ulbricht's defense). Another point of contention may have been how to characterize Tor. In the opening statements, the prosecution repeatedly referred to the Tor-hidden service Silk Road as a dark and secret part of the Internet, whereas the defense pointedly mentioned that Tor had actually been developed by the U.S. government for legitimate means.

Only three days have passed and the jury has already been barraged with detailed technical explanations of a dizzying array of cryptographic technologies: Tor, PGP, Bitcoin. The run-downs of these technologies have been interspersed with nearly comical explanations of far more basic elements of the Internet: how forum posts work, the difference between forum posts and direct messages, what the Internet Archive is, and the concept of a wiki.

With respect to the last, at one point, the prosecutor asked his first witness, a DHS agent, "What is a wiki?" The witness began his answer with, "It's, uh, it's like Wikipedia."

For the most part, the prosecution's explanations have been thorough, detailed, and technically correct. Explanations have often been accompanied by exhibits that can only be described as tutorial videos, where Jared Der-Yeghiayan, the aforementioned DHS agent, walked the jury step by step through how to use Tor, how to track Bitcoin transactions on blockchain.info, and how to encrypt e-mails with PGP. Nonetheless, the prosecution is up against a difficult task: hosting a crypto-party for a group that never asked to be in the room in the first place.

CryptoWall ransomware is back with new version after two months of silence

Attackers have started distributing a new and improved version of the CryptoWall file-encrypting ransomware program over the past few days, security researchers warn.

The new version, dubbed CryptoWall 3.0, uses localization and passes traffic to a site where users can pay for their decryption keys through two anonymity networks: Tor and I2P (the Invisible Internet Project).

CryptoWall is a sophisticated ransomware program that encrypts the victim's files with a strong cryptographic algorithm. Users are asked to pay the equivalent of $500 in bitcoin virtual currency in order to receive the decryption key that allows them to recover their files.

The ransomware program provides users with links to several sites that act as Tor gateways. These proxy servers are supposed to automatically connect the user's browser to the CryptoWall decryptor service hosted on the Tor network. However, it seems that with CryptoWall 3.0, the user's traffic is also passed through another anonymity network called I2P.

A malware researcher who uses the online alias Kafeine discovered this change after infecting his test system with a CryptoWall 3.0 sample. When he tried to visit one of the Tor gateway links as instructed by the malware, he received an error in Russian that roughly translates to: "I2P website is unavailable. Perhaps it is disabled, the network is congested or your router is not well integrated with other nodes. You can repeat the operation."

This suggests that the site where users can pay the ransom and get their decryption keys from is no longer hosted on Tor, but on I2P. The Tor gateway likely passes the user's traffic to a Tor hidden service first, which then connects to the I2P network to retrieve the real website. The ransom note also instructs users to download the Tor browser and access a Tor hidden service directly if the Tor gateway URLs no longer work.

CryptoWall is not the first malware program to use I2P. In November 2013, security researchers reported that an online banking Trojan called i2Ninja was being advertised on cybercriminal forums. The program communicated with a command-and-control server hosted on the I2P network, instead of Tor.

Like Tor, the I2P network allows users to run hidden services such as websites that are only accessible from within the network itself. With Tor such websites use the .onion pseudo-top-level domain, while with I2P they use .i2p.
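The naming conventions described above give defenders something to match on in egress logs. The following is an added example, not code from the article or from any project it mentions: it scans constructed web-proxy log lines for .onion and .i2p destinations and for gateway-style hostnames. The log format, the hostnames, and the assumption that a Tor gateway carries the onion label as a subdomain of an ordinary domain are illustrative and do not come from the article.

```python
import re
from urllib.parse import urlsplit

# Onion labels are base32 (a-z, 2-7): 16 characters for the addresses in use
# when the article was written, 56 for current v3 addresses.
ONION_LABEL = re.compile(r"(?:[a-z2-7]{16}|[a-z2-7]{56})")

# Pseudo-TLDs named in the article. Neither resolves in public DNS, so seeing
# one in a proxy or resolver log means a client tried to reach it directly.
HIDDEN_TLDS = {"onion": "tor-hidden-service", "i2p": "i2p-eepsite"}

# Constructed sample input (hypothetical format: timestamp client method target).
# All hostnames are made up and use reserved example domains.
SAMPLE_LOG = """\
2015-01-14T09:12:03Z 10.0.4.17 GET http://www.example.com/index.html
2015-01-14T09:12:41Z 10.0.4.23 CONNECT abcdefghij234567.gateway.example:443
2015-01-14T09:13:02Z 10.0.4.23 GET http://abcdefghij234567.onion/
2015-01-14T09:13:30Z 10.0.4.23 GET http://payment.example.i2p/
2015-01-14T09:14:10Z 10.0.4.31 CONNECT mail.example.org:443
truncated line
2015-01-14T09:15:00Z 10.0.4.40 GET http://abcdefghij234567.othergw.example/x
""".splitlines()


def classify_host(host):
    """Return a finding type for a destination hostname, or None."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return None
    if labels[-1] in HIDDEN_TLDS:
        return HIDDEN_TLDS[labels[-1]]
    # Assumed gateway shape: an onion-shaped label to the left of an ordinary
    # two-label domain. Random 16-character labels can collide with this
    # pattern, so treat a hit as a triage signal, not a verdict.
    if len(labels) >= 3 and any(ONION_LABEL.fullmatch(l) for l in labels[:-2]):
        return "tor-gateway"
    return None


def extract_host(method, target):
    """Pull the hostname out of a CONNECT host:port or an absolute URL."""
    if method.upper() == "CONNECT":
        return target.rsplit(":", 1)[0]
    try:
        return urlsplit(target).hostname
    except ValueError:
        return None


def scan(lines):
    """Map each client address to its (timestamp, host, finding) hits, in log order."""
    findings = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed or truncated lines
        timestamp, client, method, target = parts
        host = extract_host(method, target)
        kind = classify_host(host) if host else None
        if kind:
            findings.setdefault(client, []).append((timestamp, host, kind))
    return findings


def summarize(findings):
    """Distinct finding types per client, for prioritising triage."""
    return {c: sorted({k for _, _, k in hits}) for c, hits in findings.items()}


if __name__ == "__main__":
    for client, kinds in summarize(scan(SAMPLE_LOG)).items():
        print(client, kinds)
```

A client that shows a gateway hit followed by direct .onion or .i2p attempts matches the fallback sequence the ransom note describes and is worth triaging first.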

A new version of Silk Road, an online marketplace for illegal goods and services, was recently launched on I2P. The site was previously hosted on Tor and was shut down two times by the FBI.

Cybercriminals started distributing CryptoWall 3.0 Monday, after around two months of inactivity that made researchers wonder whether the threat was gone.

Silk Road Reloaded ditches Tor for I2P

The notorious online black market Silk Road Reloaded has left the Tor web browser to join a more anonymous network known as I2P.

Following the decision, Silk Road Reloaded has also made a number of policy changes, including ending its exclusivity with bitcoin. The site now allows transactions to take place with other cryptocurrencies such as dogecoin and anoncoin.

However, the website will now enforce a one percent administrative fee for converting other currencies into bitcoin.

As news breaks regarding the Silk Road developments, Ross Ulbricht, the man accused of operating the original version of the site, is standing trial. Silk Road 2.0, the second iteration of the site, was also closed in November of last year and its alleged owner, Blake Benthall, arrested.

I2P sites, also on the so-called dark net, do not show up in Google searches and require special software to access them. Although I2P operates in a similar way to the Tor browser, I2P sites, or "eepsites", are believed to offer increased security.

I2P or The Invisible Internet Project claims that its objective is to circumvent surveillance from Internet service providers (ISPs) and government agencies. Although anonymous networks are often associated with criminal activity, I2P operators say that the network is used "by many people who care about their privacy; activists, oppressed people, journalists and whistleblowers, as well as the average person".

Silk Road Reloaded deals in the trade of a number of illegal products, including drugs, counterfeit money and fake identity documents. However, weapons and stolen credit cards, both of which can be found on some Tor sites, are not permitted.

The site's new administrator wrote that Silk Road Reloaded defended a key human right.

"We created this to allow the most basic of human activities to occur unimpeded, that being trade", they wrote. "It's not only a major disruption of progress, but it is an interference to control someone to the degree that their free will is compromised. We may not be able to stop this but we certainly won't contribute to it".

Fake Tor app has been sitting in Apple's App Store for months, Tor Project says

For the past several months Tor developers have unsuccessfully been trying to convince Apple to remove from its iOS App Store what they believe to be a fake and potentially malicious Tor Browser application.

The issue came into the public spotlight Wednesday when people involved in the Tor Project, which develops the Tor anonymity software, took to Twitter to make their concerns heard.

Runa A. Sandvik, a staff technologist at the Center for Democracy and Technology who's also involved in the Tor Project, said on Twitter, "Dear Apple, please take down the fake #Tor Browser Bundle you have in your App Store."

Sandvik pointed to an entry on the Tor Project's bug tracker where the third-party app has been discussed by Tor developers since December.

"Tor Browser in the Apple App Store is fake," the entry's description reads. "It's full of adware and spyware. Two users have called to complain. We should have it removed."

According to subsequent messages on the bug tracker, a complaint was filed with Apple on Dec. 26 and the company reportedly responded on Jan. 3 saying it will give a chance to the app's developer to defend it.

More than two months later, the Tor Browser app created by a developer named Ronen is still available in the App Store. It was last updated on Nov. 6 and only one of the three customer reviews so far includes a complaint about how ads are being displayed, with the reviewer noting that the app is very good at what it does otherwise.

The discussion continued in the weeks that followed on the Tor Project bug tracker, with developers proposing contacting Apple employees directly and public "naming and shaming" as possible courses of action.

"I mailed Window Snyder and Jon Callas to see if they can get us past the bureaucracy," Tor Project Leader Roger Dingledine said Wednesday on the bug tracker using his developer handle arma. "Otherwise I guess plan C is to get high-profile people on Twitter to ask Apple why it likes harming people who care about privacy. (I hope plan B works.)"

What you need to know about Tor and the hackers targeting it

Image: Elizabeth Pierson, Mashable

By Rex Santus, 2014-12-27 01:56:41 UTC

There are a lot of tools online that claim to offer you total privacy. But when dealing with something like Internet anonymity, it's hard to be sure.

One that's widely agreed to be among the best available is Tor. If used correctly, the Tor browser and network cloaks online activity in anonymity; your online traffic isn't traceable back to you. It's less about keeping credit card numbers secure and more about allowing you to browse the web and communicate with others without revealing who and where you are.

But Tor was attacked on Friday. The hacker group known as Lizard Squad, or at least a Twitter account claiming to be involved with the collective, said that it was going after Tor. According to Tor, which has confirmed the attack, but not the perpetrator, there should be no effects on anonymity or performance. But some experts have speculated that the hackers could track the network's users.

This comes one day after the hackers took credit for shutting down the PlayStation Network and Xbox Live. The group has claimed responsibility for numerous hacking attacks. It's not entirely clear if Lizard Squad is actually behind all of these hacks, or if the Tor attack is actually being carried out by the group.

Tor's developers openly admit it isn't bulletproof. But nothing is. A report from Wired earlier this month, for example, said the FBI used a hacking app called Metasploit to successfully identify users hiding behind Tor in 2012, and "there's evidence the FBI's anti-Tor capabilities have been rapidly advancing."

Just last week, Tor heard word of a possible attack to disable the network by seizing "specialized servers," according to a post on Tor's website. Whether the new attack is connected to these concerns is unclear.

"Any tool that says they are 100% secure all the time, they are not being accurate," Tor's development director Karen Reilly told Mashable in an interview earlier this month.

Now for a look at Tor: What it is, how it works and what the cyberattack could mean for its users.

The Best Privacy And Security-Focused Web Browsers

Your web browser knows a lot about you, and tells the sites you visit a lot about you as well if you let it. We've talked about which browsers are best for privacy before, and the best tools to lock your browser down, but there are also entire browsers designed to keep your data as secure and private as possible. Let's take a look at some of them.

Whether your preferred browser is Chrome or Firefox, you have a few options to help you browse more securely, assuming you're ready to give up on the version everyone else uses and try something new. Here are some options worth trying out.

Tor is going through a rough period right now, but overall, the service is still excellent if you're looking to preserve your anonymity and privacy, and if you want to keep away from malicious tracking cookies and ads. Tor routes your traffic across a series of relays designed to keep your real identity and computer as anonymous as possible. It's not perfect and it certainly has its drawbacks, but if anonymity is your end goal, the Tor Browser (more specifically, the Tor Browser Bundle) is a great way to go.

The Tor Browser is based on Firefox, open source, and comes preconfigured to access the Tor network. The vast majority of built-in plugins and services have been disabled or stripped out, and it's important that you leave them that way, or else data you mean to keep private can leak to the sites you're visiting. Available for Windows, Mac, Linux, and in portable forms for all of those, it's a great way to surf when you're using an untrusted system, want to keep your identity concealed, need to get around content filtering or site-specific blocks, or want to keep your physical location a secret from sites downstream.

Remember, Tor is designed for physical and digital anonymity, not security and encryption. What you do while you're using it may give away that anonymity (such as sending emails or logging on to web services), and while communications inside the Tor network are encrypted, as soon as you leave the network, your data is in the clear (if it's not encrypted another way).

Epic Privacy Browser is based on Chromium, is open-source, and is available for Windows and Mac. We've highlighted Epic before, and while there's genuine scepticism about the browser and its roots in Chromium (the open-source platform upon which Chrome is also based), overall Epic does what it promises. The browser blocks ads, tracking cookies, social boxes and widgets (until you interact with them), blocks tracking scripts and modules from loading (which results in faster-loading web pages), and sandboxes third-party processes and plugins. Epic Browser even encrypts your connection whenever possible (largely by shunting to HTTPS/SSL whenever it's available), routes your browsing through a proxy, and protects you from widgetjacking or sidejacking when you're browsing over Wi-Fi.

All of these features are great, and the browser itself is fast and works smoothly. Of course, it doesn't support extensions or plug-ins by design, and it's a little heavier than your normal Chrome install, but once it's up and running you shouldn't have a problem actually using it. You'll also have to give up some of the conveniences you may be used to in order to protect your privacy, such as autofill, address saving, password saving, history and cache: all of those elements are either never stored, or deleted when you close the browser.

Comodo is an internet security company that has been in the business of protecting data for decades. Comodo develops three web browsers, and each of them offers additional protection that you won't find in a standard download of Chrome or Firefox.

Comodo Dragon is a Chromium-based browser that was one of Comodo's first browsers. It incorporates a number of Comodo-branded tools into the browsing experience, such as the company's own SSL validation, where every site you visit has its SSL certificate and identity validated by Comodo. You'll receive a notification to let you know everything is OK, or if Comodo thinks the site you're trying to visit is questionable.

If you allow it to, Comodo will route all of your browsing through its secure, encrypted DNS, so you leave fewer traces of your movements around the web. Comodo Dragon also blocks third-party tracking cookies, widgets and other site components from loading. Because it's branded by Comodo, it will prompt you to use Comodo's other security products as well to complement it, which is a little ironic if you're using a privacy-focused browser in order to not be sold to all the time. It's worth noting that Comodo says that Dragon will only run on Windows 7 and below (although we had no issues with it in Windows 8).

Tor Browser Download – Softpedia

The application's main aim is to put a web browser at your disposal that offers a friendly interface while keeping your system safe. All available features come in the form of a custom-made version of Mozilla Firefox, which is not necessarily bad because it lets you get accustomed quickly.

One of the key features in keeping your data safe is the integrated HTTPS Everywhere addon, which basically encrypts communication between your computer and various web pages you access. This can easily be configured to allow or restrict access to specific content.

Before being able to fully enjoy a safe browsing experience, the application requires you to select a connection type. You can opt for a standard connection, which works in most cases, or configure settings if your computer uses a proxy or goes through a firewall in order to reach the information superhighway.

Most available options are similar to the one you find in Firefox, with a few additions. The Torbutton puts several settings at your disposal, such as the possibility to fully configure connection settings, handle cookie protection, or even choose a new identity for enhanced security.

Taking everything into consideration, we can say that Tor Browser Bundle comes equipped with all necessary tools you need in order to stay safe while online. It can be used by beginners and experts alike, due to the various advanced settings that are not mandatory in order for the application to properly offer its services.

Tor Browser – Download Tor Browser 4.0 in english on …

Tor Browser Bundle is a free and simple software that enables users to protect their online identity and maintain it anonymously from online attacks and traffic. Tor software prevents other users watching your Internet connection from learning what sites you visit. Besides, it doesn't let the sites you visit learn your physical location. One of the distinctive advantages of Tor Browser Bundle is that it allows you to access earlier blocked sites. Tor Browser Bundle can be installed on Windows, Mac OS X, or Linux without any additional software. As a matter of fact, it can run off a USB flash drive and is very self-sufficient.

Features and Capabilities:

Tor Browser Bundle works with a number of applications including web browsers, instant messaging systems, remote access clients and other apps that use the TCP protocol. Thousands of people from all the corners of the world use Tor Browser Bundle for various reasons: journalists and bloggers, law enforcement officials, military people, corporations, citizens of the countries with a repressive regime and just regular people.

Why is Tor Browser Bundle so popular on the web? It's been produced to make your life simpler. Now you don't need to worry about the digital track that you leave every time whilst surfing the Internet.

Take over control over the data you produce and download Tor Browser Bundle absolutely free of charge!

http://tor-browser.joydownload.com/ - Tor Browser is a product developed by The Tor Project. This site is not directly affiliated with The Tor Project. All trademarks, registered trademarks, product names and company names or logos mentioned herein are the property of their respective owners. Our download manager distributes the original unmodified software, obtained directly from The Tor Project website, and does not modify it in any way.

tor browser | The Tor Blog

In May, the Open Technology Fund commissioned iSEC Partners to study current and future hardening options for the Tor Browser. The Open Technology Fund is the primary funder of Tor Browser development, and it commissions security analysis and review for all of the projects that it funds as a standard practice. We worked with iSEC to define the scope of the engagement to focus on the following six main areas:

The complete report is available in the iSEC publications github repo. All tickets related to the report can be found using the tbb-isec-report keyword. General Tor Browser security tickets can be found using the tbb-security keyword.

The report had the following high-level findings and recommendations.

Due to our use of cross-compilation and non-standard toolchains in our reproducible build system, several hardening features have ended up disabled. We have known about the Windows issues prior to this report, and should have a fix for them soon. However, the MacOS issues are news to us, and appear to require that we build 64 bit versions of the Tor Browser for full support. The parent ticket for all basic hardening issues in Tor Browser is bug #10065.

iSEC recommended that we find a sponsor to fund a Pwn2Own reward for bugs specific to Tor Browser in a semi-hardened configuration. We are very interested in this idea and would love to talk with anyone willing to sponsor us in this competition, but we're not yet certain that our hardening options will have stabilized with enough lead time for the 2015 contest next March.

The Microsoft Enhanced Mitigation Experience Toolkit is an optional toolkit that Windows users can run to further harden Tor Browser against exploitation. We've created bug #12820 for this analysis.

PartitionAlloc is a memory allocator designed by Google specifically to mitigate common heap-based vulnerabilities by hardening free lists, creating partitioned allocation regions, and using guard pages to protect metadata and partitions. Its basic hardening features can be picked up by using it as a simple malloc replacement library (as ctmalloc). Bug #10281 tracks this work.

The iSEC vulnerability review found that the overwhelming majority of vulnerabilities to date in Firefox were use-after-free, followed closely by general heap corruption. In order to mitigate these vulnerabilities, we would need to make use of the heap partitioning features of PartitionAlloc to actually ensure that allocations are partitioned (for example, by using the existing tags from Firefox's about:memory). We will also investigate enabling assertions in limited areas of the codebase, such as the refcounting system, the JIT and the JavaScript engine.
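Why partitioning matters for use-after-free, shown as an added example that is not PartitionAlloc or Tor Browser code: a toy allocator in which every partition has its own slots and free list, so a freed slot is only ever reused inside the partition that owned it. The partition tags, function names and sizes are hypothetical, chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Toy partitioned allocator (added illustration): a slot freed in one
 * partition is only ever handed out again inside that same partition. */
enum { SLOT_SIZE = 64, SLOTS = 8 };
enum partition { PART_DOM, PART_STRING, PART_COUNT };  /* hypothetical tags */

struct part {
    unsigned char mem[SLOTS][SLOT_SIZE];
    int free_list[SLOTS];  /* stack of free slot indexes */
    int free_top;          /* number of entries on the stack */
    int ready;
};
static struct part parts[PART_COUNT];

void *part_alloc(enum partition tag, size_t n) {
    if ((unsigned)tag >= PART_COUNT || n > SLOT_SIZE) return NULL;
    struct part *p = &parts[tag];
    if (!p->ready) {       /* first use: every slot is free */
        for (int i = 0; i < SLOTS; i++) p->free_list[i] = SLOTS - 1 - i;
        p->free_top = SLOTS;
        p->ready = 1;
    }
    if (p->free_top == 0) return NULL;
    return p->mem[p->free_list[--p->free_top]];
}

/* Returns 0 on success, -1 for a foreign pointer or a double free. */
int part_free(enum partition tag, void *ptr) {
    if ((unsigned)tag >= PART_COUNT) return -1;
    struct part *p = &parts[tag];
    uintptr_t base = (uintptr_t)p->mem, a = (uintptr_t)ptr;
    if (a < base || a >= base + sizeof p->mem || (a - base) % SLOT_SIZE) return -1;
    int idx = (int)((a - base) / SLOT_SIZE);
    for (int i = 0; i < p->free_top; i++)
        if (p->free_list[i] == idx) return -1;
    memset(ptr, 0, SLOT_SIZE);  /* scrub stale contents before reuse */
    p->free_list[p->free_top++] = idx;
    return 0;
}

int main(void) {
    void *dom = part_alloc(PART_DOM, 32);
    part_free(PART_DOM, dom);
    void *str = part_alloc(PART_STRING, 32);  /* cannot reuse the DOM slot */
    printf("string reused freed DOM slot: %s\n", str == dom ? "yes" : "no");
    return 0;
}
```

With a single shared free list, the string allocation could land in the slot a dangling DOM pointer still references; here the only thing that can reoccupy that slot is another allocation from the DOM partition.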

A large portion of the report was also focused on analyzing historical Firefox vulnerability data and other sources of large vulnerability surface for a planned "Security Slider" UI in Tor Browser.

The Security Slider was first suggested by Roger Dingledine as a way to make it easy for users to trade off between functionality and security, gradually disabling features ranked by both vulnerability count and web prevalence/usability impact.

Tor Is Still Safe

Tor is having a bit of a crisis, as it's become increasingly clear that the wildly popular network isn't the internet invisibility cloak it was once thought to be. Don't panic. It's not perfect, but it's still the best we've got.

The Tor network is the most popular way to get online anonymously, and that's not going to change in the short term. But the service has been rocked in recent months. A wave of busts that brought down 17 illegal enterprises hidden behind the Tor network last month illustrated that though Tor is largely safe, it's more vulnerable than the average user wants to admit.

The service has also been attacked by reporters who feel the system is compromised because it was originally developed by the U.S. Navy, and because some of the developers behind it have worked with the government before. In a post on Pando, Quinn Norton does a nice job dispelling the myths surrounding Tor's federal ties, which basically comes down to: No level of government interaction can undermine the basic math of encryption.

And Tor's encryption is solid. For those unfamiliar, Tor is software that conceals the location of users and web servers by firing traffic through a global network of relays. It's an ingenious system that for years facilitated basically untraceable internet activity, both illegal and otherwise. It's been used to traffic weapons and drugs, circumvent censorship, and conceal the identity of whistleblowers like Edward Snowden. If you're not using Tor, your location and activity are constantly being tracked. With Tor, the pitch goes, you're basically invisible.

That sense of security was undermined when an international coalition of agencies including the FBI, Immigration and Customs Enforcement, and Department of Homeland Security (in the U.S.) and Europol and Eurojust (in Europe, duh), laid the smack down. The highest profile bust brought down the drug marketplace Silk Road 2.0 and its alleged proprietor Blake Benthall, but it included a total of 17 people and 27 sites, all of whom had put misguided faith in Tor's ability to mask their online dealings.

But how did it happen? Did the agencies crack the anonymous network? A blog post on the Tor Project's website a few days after the attack was quite frank about the organization's ignorance:

So we are left asking "How did they locate the hidden services?". We don't know. In liberal democracies, we should expect that when the time comes to prosecute some of the seventeen people who have been arrested, the police would have to explain to the judge how the suspects came to be suspects, and that as a side benefit of the operation of justice, Tor could learn if there are security flaws in hidden services or other critical internet-facing services.

The post went on to outline myriad ways that law enforcement might have tracked down the operators of illegal websites and the location of their servers. One-by-one, Tor listed vulnerabilities that might have been exploited. They range from technical ways to exploit the code base to unmask users to capturing relays and analyzing their traffic, or even infiltrating the organizations that were running the sites.

What's most striking about Tor's reaction is that the people in charge are completely aware of its vulnerability. The Tor Project operates much like other open source efforts you're probably more familiar with, like Mozilla's Firefox browser or Google's Android operating system. This is admittedly an oversimplification that will horrify developers, but the point is that, like those projects, Tor evolves thanks to the contributions of an open community. (In fact, the Tor browser is based on Firefox, and it's where it gets one of its known bugs.)