TOR advises abandoning Windows

Stefan Mileschin · 7th August 2013, 19:51

TOR has warned its users to stay away from Windows after it was revealed that US spooks were spreading malware on the anonymising network using a Firefox zero-day vulnerability

The zero-day vulnerability allowed the FBI and other spooks to to use JavaScript code to collect crucial identifying information on computers visiting some websites using The Onion Router (TOR) network.

According to a security advisory posted by the TOR Project, the work around is switching away from Windows.

This is because the malicious Javascript that exploited the zero-day vulnerability was written to target Windows computers running Firefox 17 ESR (Extended Support Release), a version of the browser customised to view websites using TOR.

Those using Linux and OS X were unaffected. While there is nothing to stop the spooks writing a version of the code which targets Linux and OS X, it is less likely to happen.

The fake Javascript was likely planted on websites where the attacker was interested to see who visited. The script collected the hostname and MAC address of a person's computer and sent it to a remote computer.

The exploit is targeted specifically to unmask Tor Browser Bundle users without actually installing any backdoors on their host.

http://news.techeye.net/security/tor...doning-windows

7th August 2013, 19:51	#1
Stefan Mileschin [M] Reviewer Join Date: May 2010 Location: Romania Posts: 148,578	TOR advises abandoning Windows TOR has warned its users to stay away from Windows after it was revealed that US spooks were spreading malware on the anonymising network using a Firefox zero-day vulnerability The zero-day vulnerability allowed the FBI and other spooks to to use JavaScript code to collect crucial identifying information on computers visiting some websites using The Onion Router (TOR) network. According to a security advisory posted by the TOR Project, the work around is switching away from Windows. This is because the malicious Javascript that exploited the zero-day vulnerability was written to target Windows computers running Firefox 17 ESR (Extended Support Release), a version of the browser customised to view websites using TOR. Those using Linux and OS X were unaffected. While there is nothing to stop the spooks writing a version of the code which targets Linux and OS X, it is less likely to happen. The fake Javascript was likely planted on websites where the attacker was interested to see who visited. The script collected the hostname and MAC address of a person's computer and sent it to a remote computer. The exploit is targeted specifically to unmask Tor Browser Bundle users without actually installing any backdoors on their host. http://news.techeye.net/security/tor...doning-windows

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Windows 8.1 will more closely resemble Windows 7 than the original Windows 8 version	jmke	WebNews	0	22nd April 2013 10:04
AMD: We're not abandoning socketed CPUs	jmke	WebNews	3	7th December 2012 08:18
Apple advises that users hold phone differently to remedy purple lens flare	Stefan Mileschin	WebNews	0	9th October 2012 07:38
Microsoft advises nuking Windows Gadgets after security hole discovery	Stefan Mileschin	WebNews	0	12th July 2012 09:31
Existing Windows Phone 7 devices will get updated to Windows Phone 7.8, not Windows 8	Stefan Mileschin	WebNews	0	21st June 2012 09:20
Game Developers Abandoning Google+	Stefan Mileschin	WebNews	0	19th June 2012 08:24
Adobe abandoning Flash Player for TVs as well	Stefan Mileschin	WebNews	0	11th November 2011 09:31
Catalyst(tm) 11.9 for Windows 7, Windows Vista, Windows XP and Linux platforms	Stefan Mileschin	WebNews	0	29th September 2011 11:09
Windows 7, Windows Server 2008 R2 Service Pack 1 hit Windows Update	jmke	WebNews	0	23rd February 2011 10:04
ATI Catalyst™ 9.5 for Windows 7, Windows Vista, Windows XP, and Linux platforms	jmke	WebNews	0	20th May 2009 09:09