Warning: file_put_contents(/srv/users/serverpilot/apps/bitupdateus/public/wp-content/plugins/bulk-post-0.4-1/cache/sessions//KbGJT3bYPS1bFX3qlskufmbXB0AwVIbJ35m9sWch): failed to open stream: No space left on device in /srv/users/serverpilot/apps/bitupdateus/public/wp-content/plugins/stupidpie-1.8.3-1/vendor/illuminate/filesystem/Filesystem.php on line 122
  TorMoil: Gap in the Tor browser can unmask users | Bit Updates
Home » bitcoin updates » TorMoil: Gap in the Tor browser can unmask users

TorMoil: Gap in the Tor browser can unmask users

Saturday, November 4th, 2017 | bitcoin updates

          
    
    
    (Photo: Wikimedia)
                
            
             Mac and Linux versions of the Tor browser contain a vulnerability that under certain circumstances betrays the real IP address of the user. A preliminary hotfix is ​​available for download, but does not completely solve the problem.
            

        

        The current versions of the Tor browser for Linux and macOS have an error that invalidates the anonymization: If the user clicks on a link that begins with file: //, the affected operating systems apparently try to open the address on the Tor browser , In this case, the real IP address of the user can be transferred and thus unmask him.
Filippo Cavallarin, head of the security firm We Are Segment, had already discovered the hole called TorMoil (allusion to English turmoil: Turmoil) on 26 October. In a blog post, the company explains that the problem arises from how the Firefox browser opens this type of links. Under Windows, the vulnerability does not occur, even users who use Tails or use the Tor Browser in a sandbox, are not affected by Tor.
Hotfix available, new alpha from MondayZwar you have already worked out on Tuesday, October 31, a hotfix that eliminates the vulnerability. However, version 7.0.9 of the Stable branch browser added to this fix has been available for download since Friday, November 3rd for Linux and macOS. The Tor team strongly recommends that users install this version immediately. This is also true for users who use builds from the alpha branch for which there is currently no hotfix. A revised alpha version for macOS and Linux is expected to be released on Monday, November 6, for macOS and Linux.
However, the current fix has a side effect: clicking on URLs starting with file: // does not work with this version – even if you open it in a new window. Instead, you should drag the address directly into the address bar.
According to Tor, there are currently no indications that the vulnerability is being exploited. However, it is questionable whether this could be checked at all – neither law enforcement agencies nor criminals would probably comment on it and whether those affected to speak out, is also questionable. Especially since they would have to remember it at all.

(BKR)

      

Related

Deficiencies in the elect

              Deficiencies in the electoral software known for months                 

DGAP-News: secunet Securi

secunet Security Networks AG: Extension of the Management Board ^ DGAP-News: secunet Security

iPhone 8 and iPad Pro hav

                         (Image: Apple)                                            Apple's latest mobile devices can also

Ford boosts profit thanks

DEARBORN (dpa-AFX) – Lower costs and good business with SUVs and pick-up trucks