#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

anonymity software | Breaking Cybersecurity News | The Hacker News

Warning: Critical Tor Browser Vulnerability Leaks Users' Real IP Address—Update Now

Warning: Critical Tor Browser Vulnerability Leaks Users’ Real IP Address—Update Now
Nov 04, 2017
If you follow us on Twitter , you must be aware that since yesterday we have been warning Mac and Linux users of the Tor anonymity browser about a critical vulnerability that could leak their real IP addresses to potential attackers when they visit certain types of web pages. Discovered by Italian security researcher Filippo Cavallarin, the vulnerability resides in FireFox that eventually also affects Tor Browser, since the privacy-aware service that allows users to surf the web anonymously uses FireFox at its core. Dubbed by the researcher as TorMoil , the vulnerability affects Tor browser for macOS and Linux and not for Windows, but keeping in mind the security and privacy of Tor users, details about this flaw has not been yet publicly revealed. Cavallarin, CEO of the security firm We Are Segment, privately reported the security vulnerability to Tor developers on Thursday (October 26), and the Tor developers have rolled out an emergency update Tor version 7.0.8 . According

The Tor Project to Beef Up Privacy with Next-Generation of Onion Services

The Tor Project to Beef Up Privacy with Next-Generation of Onion Services
Nov 03, 2017
The Tor Project has made some significant changes to its infrastructure by improving the way the 'onion' network protects its users' privacy and security. Since the beginning, the largest free online anonymity network has been helping users browse the web anonymously, and its onion service provides a network within which encrypted websites can be run anonymously. However, the infrastructure design and encryption behind the service has become little outdated, eventually leaving it vulnerable to potential and resourceful attackers. Tor network has become such a potential target that even Zerodium, a company that acquires and resells zero-day exploits, is ready to pay $1 million for Tor zero-day exploits . Keeping these concerns in mind, the Tor Project has been working to upgrade its infrastructure over the past four years, and the good news is… A few weeks ago, the Tor Project announced the release of Tor 0.3.2.1-alpha that includes support for the next generati

How to Find and Fix Risky Sharing in Google Drive

How to Find and Fix Risky Sharing in Google Drive
Mar 06, 2024Data Security / Cloud Security
Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it's inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally.  For Security & Risk Management teams, the untenable risk of any Google Drive footprint lies in the toxic combinations of sensitive data, excessive permissions, and improper sharing. However, it can be challenging to differentiate between typical business practices and potential risks without fully understanding the context and intent.  Material Security, a company renowned for its innovative method of protecting sensitive data within employee mailboxes, has recently launched  Data Protection for Google Drive  to safeguard the sprawl of confidential information scattered throughout Google Drive with a powerful discovery and remediation toolkit. How Material Security helps organ

Tor Launches Bug Bounty Program — Get Paid for Hacking!

Tor Launches Bug Bounty Program — Get Paid for Hacking!
Jul 20, 2017
With the growing number of cyber attacks and breaches, a significant number of companies and organisations have started Bug Bounty programs for encouraging hackers, bug hunters and researchers to find and responsibly report bugs in their services and get rewarded. Following major companies and organisations, the non-profit group behind Tor Project – the largest online anonymity network that allows people to hide their real identity online – has finally launched a " Bug Bounty Program ." The Tor Project announced on Thursday that it joined hands with HackerOne to start a public bug bounty program to encourage hackers and security researchers to find and privately report vulnerabilities that could compromise the anonymity network. HackerOne is a bug bounty startup that operates bug bounty programs for companies including Yahoo, Twitter, Slack, Dropbox, Uber, General Motors – and even the United States Department of Defense for Hack the Pentagon initiative. Bug bo

Uncover Critical Gaps in 7 Core Areas of Your Cybersecurity Program

cyber security
websiteArmor PointCyber Security / Assessment
Turn potential vulnerabilities into strengths. Start evaluating your defenses today. Download the Checklist.

Tor Project Releases Sandboxed Tor Browser 0.0.2

Tor Project Releases Sandboxed Tor Browser 0.0.2
Dec 12, 2016
The non-profit organization behind TOR – the largest online anonymity network that allows people to hide their real identity online – has launched an early alpha version of Sandboxed Tor Browser 0.0.2 . Yes, the Tor Project is working on a sandboxed version of the Tor Browser that would isolate the Tor Browser from other processes of the operating system and limit its ability to interact or query low-level APIs that can lead to the exposure of real IP addresses, MAC addresses, computer name, and more. Sandboxing is a security mechanism for separating running programs. When an application is sandboxed, its process runs in a separate environment from the underlying operating system, so that errors or security issues in that application can not be leveraged to affect other parts of the OS. Sandbox applications are enabled in their own sequestered area and memory, where they can be worked on without posing any threat to other applications or the operating system. Major modern br

Warning: Over 100 Tor Nodes Found Designed to Spy On Deep Web Users

Warning: Over 100 Tor Nodes Found Designed to Spy On Deep Web Users
Jul 26, 2016
Researchers have discovered over 100 malicious nodes on the Tor anonymity network that are "misbehaving" and potentially spying on Dark Web sites that use Tor to mask the identities of their operators. Two researchers, Amirali Sanatinia and Guevara Noubir, from Northwestern University, carried out an experiment on the Tor Network for 72 days and discovered at least 110 malicious Tor Hidden Services Directories (HSDirs) on the network. The nodes, also known as the Tor hidden services directories ( HSDirs ) are servers that act as introductory points and are configured to receive traffic and direct users to hidden services (" .onion " addresses). In other words, the hidden services directory or HSDir is a crucial element needed to mask the true IP address of users on the Tor Network. But, here's the issue: HSDir can be set up by anyone. "Tor's security and anonymity is based on the assumption that the large majority of its relays are honest and

Core Tor Contributor Leaves Project; Shutting Down Important Tor Nodes

Core Tor Contributor Leaves Project; Shutting Down Important Tor Nodes
Jul 19, 2016
Another blow to the Tor Project : One of the Tor Project's earliest contributors has decided to quit the project and shut down all of the important Tor nodes under his administration. Lucky Green was part of the Tor Project before the anonymity network was known as TOR. He probably ran one of the first 5 nodes in the TOR network at its inception and managed special nodes inside the anonymity network. However, Green announced last weekend that "it is no longer appropriate" for him to be part of the Tor Project, whether it is financially or by providing computing resources. TOR, also known as The Onion Router , is an anonymity network that makes use of a series of nodes and relays to mask its users' traffic and hide their identity by disguising IP addresses and origins. The TOR network is used by privacy-conscious people, activists, journalists and users from countries with strict censorship rules. Crucial and Fast TOR Nodes to be Shut Down Soon Alongs

Here's How Riffle Anonymity Network Protects Your Privacy better than Tor

Here's How Riffle Anonymity Network Protects Your Privacy better than Tor
Jul 16, 2016
Online privacy is an Internet buzzword nowadays. If you are also concerned about the privacy of your web surfing, the most efficient way is to use TOR – a free software that lets users communicate anonymously by hiding their actual location from snoopers. Although TOR is a great anonymous network, it has some limitations that could still allow a motivated hacker to compromise the anonymity of legions of users, including dark web criminals as well as privacy-minded innocents. Moreover, TOR (The Onion Network) has likely been targeted by the FBI to arrest criminals , including the alleged Silk Road 2 lieutenant Brian Richard Farrell, who was arrested in January 2014. Even the TOR Project accused the FBI of paying the researchers of Carnegie Mellon University (CMU) at least $1 Million to disclose a technique that could help the agency unmask TOR users and reveal their IP addresses as part of a criminal investigation. So, what's next? Is there an alternative? Well, most p

More than 1 million People now access Facebook Over Tor Network

More than 1 million People now access Facebook Over Tor Network
Apr 22, 2016
In Brief Facebook has hit another Milestone: More than 1 MILLION people, or you can say privacy conscious, are accessing Facebook over TOR. Facebook proudly announced today that, this month, for the first time, the people connected to the anonymous version of Facebook that's accessible only through the TOR anonymity network exceeded 1 Million – an increase of almost 100% in the past ten months. Today, when global surveillance system continues to grow, encryption has the power to protect users' security and privacy online. And it is ultimately a good thing that companies like Facebook are competing on users' security. In 2014, Facebook launched a special version of its website that runs only with the help of Tor anonymity software that offers privacy to users. Tor anonymity software or Tor browser secures and encrypts connections to prevent cyber criminals or law enforcement agencies from tracking users' web activity. Tor users can visit Facebook's Tor hidden s

FBI is fighting back against Judge's Order to reveal TOR Exploit Code

FBI is fighting back against Judge's Order to reveal TOR Exploit Code
Mar 29, 2016
Last month, the Federal Bureau of Investigation (FBI) was ordered to reveal the complete source code for the TOR exploit it used to hack visitors of the world's largest dark web child pornography site, PlayPen. Robert J. Bryan, the federal judge, ordered the FBI to hand over the TOR browser exploit code so that defence could better understand how the agency hacked over 1,000 computers and if the evidence gathered was covered under the scope of the warrant. Now, the FBI is pushing back against the federal judge's order. On Monday, the Department of Justice (DOJ) and the FBI filed a sealed motion asking the judge to reconsider its ruling, saying revealing the exploit used to bypass the Tor Browser protections is not necessary for the defense and other cases. In previous filings, the defence has argued that the offensive operation used in the case was " gross misconduct by government and law enforcement agencies, " and that the Network Investigative Technique (NIT)

Subgraph OS — Secure Linux Operating System for Non-Technical Users

Subgraph OS — Secure Linux Operating System for Non-Technical Users
Mar 04, 2016
Information security and privacy are consistently hot topics after Edward Snowden revelations of NSA's global surveillance that brought the world's attention towards data protection and encryption as never before. Moreover, just days after Windows 10 's successful launch last summer, we saw various default settings in the Microsoft's newest OS that compromise users' privacy , making a large number of geeks, as well as regular users, migrate to Linux. However, the problem is that majority of users are not friendly to the Linux environment. They don't know how to configure their machine with right privacy and security settings, which makes them still open to hacking and surveillance. However, this gaping hole can be filled with a  Debian-based  Security-focused Linux operating system called Subgraph OS: A key solution to your Privacy Fear. Subgraph OS is a feather weighted Linux flavor that aims to combat hacking attacks easier, even on fai

Judge Confirms Government Paid CMU Scientists to Hack Tor Users for FBI

Judge Confirms Government Paid CMU Scientists to Hack Tor Users for FBI
Feb 25, 2016
Everything is now crystal clear: The security researchers from Carnegie Mellon University (CMU) were hired by the federal officials to discover a technique that could help the FBI Unmask Tor users and Reveal their IP addresses as part of a criminal investigation. Yes, a federal judge in Washington has recently confirmed that the computer scientists at CMU's Software Engineering Institute (SEI) were indeed behind a hack of the TOR project in 2014, according to court documents [ PDF ] filed Tuesday. In November 2015, The Hacker News reported that Tor Project Director Roger Dingledine accused the Federal Bureau of Investigation (FBI) of paying the CMU, at least, $1 Million for providing information that led to the criminal suspects identification on the Dark Web . After this news had broken, the FBI denied the claims , saying "The allegation that we paid [CMU] $1 Million to hack into TOR is inaccurate."  Meanwhile, the CMU also published a press

Default Apache Configuration Can Unmask Tor Hidden Services

Default Apache Configuration Can Unmask Tor Hidden Services
Feb 01, 2016
Attention Tor Onion Hosters! A year old loophole in Apache Web Server, uncovered by an unknown Computer Science Student, could potentially unmask the real identity of .onion-domains and servers hidden behind the Tor-network. Although the loophole was reported on Reddit and to the Tor Project months back, it recently came to the limelight soon after a tweet by Alec Muffet , a well-known security enthusiast and current software engineer at Facebook. What is Tor Hidden (.onion) Service? Dark Web websites (generally known as 'onion services') with a special domain name that ends with .onion, are called Tor Hidden Service and reachable only via the Tor network. Tor Hidden Service is a widely popular anonymity network used by Whistleblowers, Underground Markets, Defense Networks and more in order to maintain secrecy over the Internet. An Onion Website can be hosted on the top of any web servers. But, if you are choosing Apache, then you need to rethink.

Facebook adds Built-in Tor Support for its Android App

Facebook adds Built-in Tor Support for its Android App
Jan 19, 2016
Rejoice for Privacy Lovers! Facebook today took a surprising move by announcing that it is bringing the free anonymizing software TOR support to its Android app , almost two years after the social network planned to make Facebook available directly over Tor network. Yes. Believe it or not, the Android version of the popular Facebook application now supports the Tor anonymity network. In October 2014, Facebook launched a .onion website on TOR in order to let its users around the world access its service more securely. Access Facebook over TOR via Orbot This latest move to expand that access to the Android app opens up the option to millions more users to maintain their privacy when they visit the world's most popular social network. Facebook says "a sizeable community of people" are already accessing the site over TOR, so the company is bringing this feature to Android via the free Orbot proxy app , which is available on the Google's Play

France will not Ban Public Wi-Fi Or Tor Network, Prime Minister Valls Confirms

France will not Ban Public Wi-Fi Or Tor Network, Prime Minister Valls Confirms
Dec 11, 2015
Despite the French Ministry of Interior's demands, France will not ban the TOR anonymity network or Free public Wi-Fi as a way to help the law enforcement fight terrorism. French Prime Minister Manual Valls has gone on record saying that a ban on Free public Wi-Fi is " not a course of action envisaged ," and he is not in favor of banning the TOR anonymity network, either. Following the deadly terror attacks on Paris last month, an internal document obtained by Le Monde indicated that French government wanted to block communications of TOR as well as ban the use of Free Public Wi-Fi during states of emergency in an effort to fight terrorism more efficiently. However, according to France PM, banning Encrypted Communications could affect the country's economy and security. Must Read:  FBI Director Asks Tech Companies to At least Don't Offer End-to-End Encryption TOR and Free Wi-Fi Safe in France, PM Says  " A ban of [free public] W

France wants to BAN Tor and Free Wi-Fi Services after Paris Terror Attacks

France wants to BAN Tor and Free Wi-Fi Services after Paris Terror Attacks
Dec 07, 2015
Now this was to be done, Sooner or Later – The Government. In the wake of the recent deadly Paris terror attacks, the French government is considering new laws that would Ban access to Free Wi-Fi and the Tor anonymity network, according to a recent report by French newspaper Le Monde. The report cites an internal document from the Ministry of Interior by French Department of Civil Liberties and Legal Affairs (DLPAJ) that lists two proposed bills – one around the State of Emergency and the other on combating counter-terrorism. Last month's Paris attacks started blame games, calling Edward Snowden and end-to-end encrypted services responsible for the ISIS-sponsored massacre. Also Read: Anonymous declares War on ISIS: 'We will Hunt you Down!' Now, the government has started renewing their assault on encryption and reviving their efforts to force tech companies to hand over encryption keys, and the document obtained by Le Monde hints the same. Proposed Pieces of Legis

FBI denies paying $1 MILLION to Unmask Tor Users

FBI denies paying $1 MILLION to Unmask Tor Users
Nov 14, 2015
Just day before yesterday, the Tor Project Director Roger Dingledine accused the FBI of paying the Carnegie Mellon University (CMU) at least $1 Million to disclose the technique they had discovered to unmask Tor users and reveal their IP addresses. However, the Federal Bureau of Investigation has denied the claims. In a statement, the FBI spokeswoman said , "The allegation that we paid [CMU] $1 Million to hack into Tor is inaccurate." The Tor Project team discovered more than hundred new Tor relays that modified Tor protocol headers to track online people who were looking for Hidden Services , and the team believes that it belongs to the FBI in order to reveal the identity of Tor-masked IP addresses. One such IP address belongs to Brian Richard Farrell , an alleged Silk Road 2 lieutenant who was arrested in January 2014. The attack on Tor reportedly began in February 2014 and ran until July 2014, when the Tor Project discovered the flaw. Within few

FBI reportedly Paid $1 Million to University Researchers for UnMasking Tor Users

FBI reportedly Paid $1 Million to University Researchers for UnMasking Tor Users
Nov 12, 2015
The non-profit Tor Project has accused the FBI of paying the security researchers of Carnegie Mellon University (CMU) at least $1 Million to disclose the technique they had discovered that could help them… …Unmask Tor users as well as Reveal their IP addresses as part of a criminal investigation. As evidence, the Tor Project points to the cyber attack that it discovered last year in July. The team discovered more than hundred new Tor relays that modified Tor protocol headers to track people who were looking for Hidden Services – web servers hosted on Tor that offers more privacy. The Evidence The unknown attackers used a combination of nodes and exit relays, along with some vulnerabilities in the Tor network protocol that let them uncovered users' real IP addresses. The attack reportedly began in February 2014 and ran until July 2014, when the Tor Project discovered the vulnerability. Within few days, the team updated its software and rolled out new ve

How Spies Could Unmask Tor Users without Cracking Encryption

How Spies Could Unmask Tor Users without Cracking Encryption
Aug 01, 2015
T he O nion R outer (Tor) is weeping Badly! Yes, Tor browser is in danger of being caught once again by the people commonly known as " Spies ," who's one and only intention is to intrude into others' network and gather information. A team of security researchers from Massachusetts Institute of Technology (MIT) have developed digital attacks that can be used to unmask Tor hidden services in the Deep Web with a high degree of accuracy. The Tor network is being used by journalists, hackers, citizens living under repressive regimes as well as criminals to surf the Internet anonymously. A plethora of nodes and relays in Tor network is used to mask its users and make tracking very difficult. Any user when connects to Tor, the connection gets encrypted and routed through a path called a "circuit ." The request first reaches an entry node, also known as a ' Guard ' that knows the actual IP address of the user, and then goes through every ho
Cybersecurity Resources