Subscribe to our newsletters
Sign Up

The Hacker News — Cyber Security, Hacking, Technology News

Thursday, July 20, 2017 Mohit Kumar

tor-browser-bug-bounty-program
With the growing number of cyber attacks and breaches, a significant number of companies and organisations have started Bug Bounty programs for encouraging hackers, bug hunters and researchers to find and responsibly report bugs in their services and get rewarded.

Following major companies and organisations, the non-profit group behind Tor Project – the largest online anonymity network that allows people to hide their real identity online – has finally launched a "Bug Bounty Program."

The Tor Project announced on Thursday that it joined hands with HackerOne to start a public bug bounty program to encourage hackers and security researchers to find and privately report vulnerabilities that could compromise the anonymity network.

HackerOne is a bug bounty startup that operates bug bounty programs for companies including Yahoo, Twitter, Slack, Dropbox, Uber, General Motors – and even the United States Department of Defense for Hack the Pentagon initiative.

Bug bounty programs are cash rewards gave by companies or organisations to white hat hackers and researchers who hunt for serious security vulnerabilities in their website or products and then responsibly disclose them.

The Tor Project announced its intention to launch a public bug bounty program in late December 2015 during a talk by the Tor Project at Chaos Communication Congress (CCC) held in Hamburg, Germany. However, it launched the invite-only bounty program last year.

The highest payout for the flaws has been kept $4,000 — bug hunters can earn between $2,000 and $4,000 for High severity vulnerabilities, between $500 and $2,000 for Medium severity vulnerabilities, and a minimum of $100 for Low severity bugs.

Moreover, less severe issues will be rewarded with a t-shirt, stickers and a mention in Tor's hall of fame.
"Tor users around the globe, including human rights defenders, activists, lawyers, and researchers, rely on the safety and security of our software to be anonymous online," Tor browser developer Georg Koppen said in a blog post. "Help us protect them and keep them safe from surveillance, tracking, and attacks."
The Tor Project is a non-profit organisation behind the Tor anonymizing network that allows any online user to browse the Internet without the fear of being tracked.

The Project first announced its plan to launch the bug bounty program weeks after it accused the FBI of paying the researchers of Carnegie Mellon University (CMU) at least $1 Million to help them Unmask Tor users and reveal their IP addresses, though FBI denies the claims.

Friday, July 24, 2015 Mohit Kumar

Introducing 93GBps High-Speed Tor-Like Encrypted Anonymous Network
I think you'll agree with me when I say:

It's quite hard to maintain anonymity on the Internet using the slow Tor network. Or is it?

Well, it turns out, you may soon boost your online anonymity dramatically with the help of a new high-speed anonymity network.

A group of six academics have developed a Tor network alternative for users that allows high-speed anonymous web surfing, reinforcing the privacy of Internet users worldwide.

The network is dubbed:

HORNET: High-speed Onion Routing at the Network Layer


Many anonymising networks, including The Onion Router (or TOR) network, are often slow because the data passing through the networks is encrypted a many numbers of times.

However, the high-speed onion routing network HORNET is capable of handling anonymous traffic at speeds of more than 93 Gbps while maintaining privacy.

The new anonymous network is built by researcher Chen Chen of Carnegie Mellon University, along with Daniele Enrico Asoni, Adrian Perrig and David Barrera of the Zurich's Federal Institute of Technology, and George Danezis of University College London.

The security researchers' ultimate goal is "Internet-scale anonymity."


In a paper (PDF) titled HORNET: High-speed Onion Routing at the Network Layer, the team says Hornet is a low-latency onion routing system that enables end-to-end anonymous channels with a quicker and more secure alternative to Tor.

Tor network, which handles over 2 Million user on its network daily, is currently used by journalists, activists, law enforcement and hackers to disguise from where they are browsing the Internet.

However, Tor has its faults. It is often slow and frustrating because its performance is based on the number of systems that make up the network. HORNET aims to resolve this issue.
"[HORNET] is designed to be highly efficient," reads the paper, "instead of keeping state at each relay, connection state (such as onion layer decryption keys) is carried within packet headers, allowing intermediate nodes to quickly forward traffic for large numbers of clients."

High Speed with High level of Security


Researchers say that unlike TOR-like systems, HORNET does not keep per-session states or "perform computationally expensive operations for data forwarding," allowing it to scale as required without any limitations.

Moreover, the changes done by the team made HORNET less susceptible to confirmation attacks that have been used to unmask users of Tor by monitoring traffic streams and packet flows.

HORNET raises the security bar since spy agencies or hackers would need to control "a significant percentage of ISPs" across multiple geopolitical areas, while keeping their whole surveillance operation quiet and spying on HORNET's users effectively.

The new Tor-Style networks could be of great help to users who are currently relying on Tor and other onion routing systems. You can download the paper PDF for full technical details on HORNET.

Newsletter Subscription

Subscribe to our newsletter and get all latest hacking news, free eBooks delivered to your inbox.

Join Over 450,000 Subscribers!