Researchers recently identified a vital Tor browser vulnerability which could potentially leak users’ actual IP addresses to attackers especially when they visit particular types of web pages.
ANNOUNCEMENT: Silk Road is BACK ONLINE NOW as Silk Road 3.1 and open for business. The team did a change and upgrade for a reason we can only assume for security.
Discovered by an Italian research firm named We Are Segment, the vulnerability lies in Firefox, which also affects the Tor browser since the privacy service which permits users to browse across the web anonymously utilizes Firefox in its base.
Commonly known as TorMoil, the Tor browser vulnerability affects Linux and MacOS users, but surprisingly not for Windows.
With respect to the privacy and security of Tor users, it is not yet clear to what extent the effects cover.
We Are Segment security experts privately reported this vulnerability to the Tor browser developers at the end of October.
In return, the developers immediately deployed an exclusive emergency upgrade version of Tor by the name Tor version 7.0.9 for Linux and Mac users.
There’s also an updated version for the MacOS and Linux alpha channels.
In reference to a blog post which was published by We Are Segment, TorMoil is a result of a Firefox problem in typical “file://” URLs.
According to the blog post, TorMoil is activated at the movement when a user clicks on any link that begins with the file:// address, rather than the more widely-used https:// addresses.
The security advisory further went on to state that because of a Firefox error in the processing of typical file:// URLs in either system, there is a window that can cause users’ IP addresses to be leaked.
Once any assigned user (using either a Linux system or a MacOS) accesses a precisely designed webpage, it is possible for the operating system to directly link to the remote host, completely ignoring the Tor browser.
After the discovery and subsequent report, The Tor Project has now developed a temporary solution to prevent the vulnerability from leaking the actual IP address.
According to the developers, this new release is merely a short-term solution that can stop the release of IP addresses as caused by the file:// vulnerability.
The Tor Project went on to confirm that this problem is only with MacOS or Linux-based systems.
Systems running on Window-based Tor browser versions, the sandboxed-Tor-browser and Tails in alpha do not face this problem.
According to the Tor project, there is no evidence which indicates that the TorMoil vulnerability has been exploited by malicious individuals or hackers with a motive of obtaining private information from Tor users such as their IP address.
Nonetheless, the deficiency in evidence is no proof or assurance that the errors within the Tor browser setup have not been actively exploited by malicious individuals.
Security Tip: Use a VPN with Tor
Although they are different in numerous ways, both the Tor browser network and Virtual Private Networks (VPNs) utilize encrypted proxy connections so as to conceal user information.
The wonderful thing is that both Tor and VPN can be utilized together so as to offer an added level of security.
A combination of both software programs can help users properly avoid a number of the shortcomings that come with employing the Tor browser by itself.