[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] âTor Is Teaming Up With Researchers To Protect Users From FBI Hacking

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-talk] âTor Is Teaming Up With Researchers To Protect Users From FBI Hacking
From: Katya Titov <kattitov@xxxxxxxxxx>
Date: Fri, 24 Jun 2016 23:58:28 +1000
Authentication-results: smtp3m.mail.yandex.net; dkim=pass header.i=@xxxxxxxxxx
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 24 Jun 2016 09:58:57 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.com; s=mail; t=1466776720; bh=xcUYGs+6vkRfTbs5QniSEXtTRY+/ONJdlch4/awvOZw=; h=Date:From:To:Subject:Message-ID:X-Mailer:MIME-Version: Content-Type:Content-Transfer-Encoding; b=d8jNRswSk4gLtOnafwqVGeBbaFANHvxQDPki95vKs8Y00T0t01blHvtu1606UVKOj WwWYK4FTDukFU5psh/hycTRTllcRCsoYEOhXWmE5LabFLebAbWLAr6lKyBMIb7WE1p VgDI5yBZGkABWKsTnvxxxUYVbvcoPeMWjoG0QzO0=
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

Found this on Motherboard

https://motherboard.vice.com/read/tor-is-teaming-up-with-researchers-to-protect-users-from-fbi-hacking

> âTor Is Teaming Up With Researchers To Protect Users From FBI Hacking
> Written by
> Joshua Kopstein
> Contributor
> 
> June 19, 2016 // 03:28 PM EST
> 
> The FBI has had a fair amount of success de-anonymizing Tor users
> over the past few years. Despite the encryption software's
> well-earned reputation as one of the best tools for online privacy,
> recent court cases have shown that government malware has compromised
> Tor users by exploiting bugs in the underlying Firefox browserâone of
> which was controversially provided to the FBI in 2015 by academic
> researchers at Carnegie Mellon University.
> 
> But according to a new paper, security researchers are now working
> closely with the Tor Project to create a "hardened" version of the
> Tor Browser, implementing new anti-hacking techniques which could
> dramatically improve the anonymity of users and further frustrate the
> efforts of law enforcement.
> 
> Specifically, the researchers are currently testing "Selfrando," a
> technique made to protect against browser exploits such as the one
> reportedly used by the FBI.
> 
> The new method is meant to counteract what's known as "code reuse"
> exploits, where rather than attempting the much harder task of
> injecting new malicious code, an attacker will exploit a memory leak
> to reuse code libraries that already exist in the
> browserâessentially, building malware by rearranging things inside
> the application's memory.
> 
> To do that, an attacker generally needs to have an idea of where
> certain functions are located within the application's memory space.
> But the current security mechanisms in browsers only randomize the
> locations of code libraries, not the individual functions. Which is
> where the Selfrando technique comes in, creating a random address
> space for internal code that's much harder to exploit.
> 
> "Our solution significantly improves security over standard address
> space layout randomization (ASLR) techniques currently used by
> Firefox and other mainstream browsers," the researchers write in
> their paper, whose findings will be presented in July at the Privacy
> Enhancing Technologies Symposium in Darmstadt, Germany.
> 
> "The Tor Project decided to include our solution in the hardened
> releases of the Tor Browser, which is currently undergoing field
> testing."
> 
> Basically what that means is it's about to get harder to hack the Tor
> Browser, including for law enforcement agencies like the FBI, who
> complain they already don't have enough resources to develop the
> malware necessary to catch terrorists and other serious criminals.
> 
> And while that defensive advantage may not last for too long, it
> shows that some in the academic research community are still intent
> on patching the holes that their peers are helping government hackers
> exploit.
> 
> Topics: security, anonymity, Tor Browser, hacking, privacy,
> Selfrando, FBI, law enforcement, power, encryption, machines	

-- 
kat
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Prev by Author: Re: [tor-talk] Which reputable webmail providers function well with Tor?
Next by Author: Re: [tor-talk] doing a google search creates a 403 forbidden when I'm on the tor network
Previous by thread: Re: [tor-talk] US Federal Court: The Fourth Amendment Does Not Protect Your Home Computer
Next by thread: [tor-talk] The FBI Is Classifying Its Tor Browser Exploit Because 'National Security'
Index(es):
- Author
- Thread