[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-talk] âTor Is Teaming Up With Researchers To Protect Users From FBI Hacking
Found this on Motherboard
https://motherboard.vice.com/read/tor-is-teaming-up-with-researchers-to-protect-users-from-fbi-hacking
> âTor Is Teaming Up With Researchers To Protect Users From FBI Hacking
> Written by
> Joshua Kopstein
> Contributor
>
> June 19, 2016 // 03:28 PM EST
>
> The FBI has had a fair amount of success de-anonymizing Tor users
> over the past few years. Despite the encryption software's
> well-earned reputation as one of the best tools for online privacy,
> recent court cases have shown that government malware has compromised
> Tor users by exploiting bugs in the underlying Firefox browserâone of
> which was controversially provided to the FBI in 2015 by academic
> researchers at Carnegie Mellon University.
>
> But according to a new paper, security researchers are now working
> closely with the Tor Project to create a "hardened" version of the
> Tor Browser, implementing new anti-hacking techniques which could
> dramatically improve the anonymity of users and further frustrate the
> efforts of law enforcement.
>
> Specifically, the researchers are currently testing "Selfrando," a
> technique made to protect against browser exploits such as the one
> reportedly used by the FBI.
>
> The new method is meant to counteract what's known as "code reuse"
> exploits, where rather than attempting the much harder task of
> injecting new malicious code, an attacker will exploit a memory leak
> to reuse code libraries that already exist in the
> browserâessentially, building malware by rearranging things inside
> the application's memory.
>
> To do that, an attacker generally needs to have an idea of where
> certain functions are located within the application's memory space.
> But the current security mechanisms in browsers only randomize the
> locations of code libraries, not the individual functions. Which is
> where the Selfrando technique comes in, creating a random address
> space for internal code that's much harder to exploit.
>
> "Our solution significantly improves security over standard address
> space layout randomization (ASLR) techniques currently used by
> Firefox and other mainstream browsers," the researchers write in
> their paper, whose findings will be presented in July at the Privacy
> Enhancing Technologies Symposium in Darmstadt, Germany.
>
> "The Tor Project decided to include our solution in the hardened
> releases of the Tor Browser, which is currently undergoing field
> testing."
>
> Basically what that means is it's about to get harder to hack the Tor
> Browser, including for law enforcement agencies like the FBI, who
> complain they already don't have enough resources to develop the
> malware necessary to catch terrorists and other serious criminals.
>
> And while that defensive advantage may not last for too long, it
> shows that some in the academic research community are still intent
> on patching the holes that their peers are helping government hackers
> exploit.
>
> Topics: security, anonymity, Tor Browser, hacking, privacy,
> Selfrando, FBI, law enforcement, power, encryption, machines
--
kat
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk