Slashdot Mirror

← Back to Stories (view on slashdot.org)

TorMoil Vulnerability Leaks Real IP Address From Tor Browser Users; Security Update Released (bleepingcomputer.com)

Posted by msmash on from the privacy-woes dept.

Catalin Cimpanu, reporting for BleepingComputer: The Tor Project has released a security update for the Tor Browser on Mac and Linux to fix a vulnerability that leaks users' real IP addresses. The vulnerability was spotted by Filippo Cavallarin, CEO of We Are Segment, an Italian company specialized in cyber-security and ethical hacking. Cavallarin privately reported the issue -- which he codenamed TorMoil -- to the Tor Project last week. Tor Project developers worked with the Firefox team (Tor Browser is based on the Firefox browser) to release a fix. Today, the Tor team released version 7.0.9 to address the vulnerability. Tor Browser 7.0.9 is only available for Mac and Linux users. Tor Browser on Windows is not affected.

5 of 21 comments (clear)

  1. Windows is not affected by jfdavis668 · · Score: 3, Interesting

    Boy, is that a change for once.

    1. Re:Windows is not affected by Anonymous Coward · · Score: 2, Interesting

      Boy, is that a change for once.

      Yes and I read the article hoping to understand why. Boy was I disappointed.

      Is there a good reason the article does not explain how the exploit works or exactly what the vulnerability was? It does admit that black-hats can easily determine this from reverse-engineering the patch. So really, what exactly is the justification for not disclosing the details to everyone else?

    2. Re:Windows is not affected by Anonymous Coward · · Score: 2, Informative

      It's still too early to give a post-mortem for non-technical folks. The bug on Bugzilla will be opened when a proper fix is given, and right now only blackhats will want to know the technical details. Until users have updated to a more secure fix than the current work-around, full transparency isn't a good idea.

  2. Switch to I2P if you are so worried ;-) by williamyf · · Score: 2

    But, on a more serious note, as the summary said, Tor browser on windows is not affected. But, as the summary did not say, Tor Browser on TAILS is also not affected.

    So, grab an ISO for TAILS 3.12, liveboot it in a VM and keep Tor Browsing away...

    --
    *** Suerte a todos y Feliz dia!
    1. Re:Switch to I2P if you are so worried ;-) by mikael · · Score: 2

      That gives a good clue:

      https://ourcodeworld.com/artic...

      --
      Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads