Mozilla and Tor Release Urgent Update for Firefox 0-Day Under Active Attack

Mozilla and Tor have introduced browser updates to sum up a Firefox consistence being hampered to identify men who sue the services related to privacy. It is a flaw in terms of security for the immediate release, which is being exploited on Windows. The official of Tor has assured their users that there isn’t any risk currently figured out in their knowledge. They are unable to discover any exploits for Operating System X or Linux as they have implanted several security measures. But still they have insisted the users to go for the update of their Tor Browser as soon as possible.

The Tor browser is said to forged on the Firebox browser which is an open source introduced by the Mozilla foundation. No sooner did the Officials of Mozilla named Daniel Veditz came to know of this problem, he posted on his blog assuring that the issues has been fixed in some currently issued versions of Mozilla Firefox for all the popular users. He further disclosed that the attack code has been discovered who did the exploitation and measures are being taken against it.

The mishap revealed codes when the targets fed malicious JavaScript related to vector graphics. The culprit sent the IP and MAC address of the target to the server, which controlled attacks. The code resembled the technique which investigated network used by law-enforcing agencies, specially that which identified Tor-protected users who seemed to propagate child pornography.

Further similar step was taken in this regard and it was discovered this vulnerability reducing measure was created by FBI or some law-implementing agency. This shows that how restricted government hacking can become a serious threat to the larger web as anyone can use it to attack Firefox users. A different Mozilla security has proved that it can also affect Mozilla’s Thunderbolt e-mail applications and also the extended support version of Firefox used by Tor browsers. It was suggested that this flaw existed in the browser since five years.

The ridiculous load given by the exploit of code-execution is very much similar to that of FBI which it used in 2013 to discover the ones who used trade child pornography via Tor-anonymized website. The source code to the Tor group was absolutely complete, the exploit could be made easily available to lots of people which they manage to use by making slight changes to it.

Other than an update for Firefox an update to NoScript, which is an extension of Firefox in relation to the Top Browser was also released. NoScript is useful, as it does not allow the users to opt for the sites that can and cannot use JavaScript in the browser. Later for privacy reasons the Tor browser installed NoScript in such a manner that permitted all sites to affiliate JavaScript in the browser. Though this point in terms of privacy is still not clear.

It is advisable that the Firefox and Tor users should fix their problems at once. The users are considered to be protected from the attack by keeping the Firefox security to highest level, that may restrict few sights but it is proven safe.

Tor- 'Mystery' Spike in Hidden Addresses

Tor/The Onion Router – Browse Through Web Anonymously

Exceptional spike in the number of hidden addressed on the Tor network has been identified by security expert and Prof Alan Woodward at the University of Surrey had spotted an increase of over 25,000 onion `dark web’ services. Prof Woodward had commented that he was unsure on how best to explain this sudden boom but one possibility was that it could be a sudden swell in the popularity of Ricochet, which is an app that tends to use Tor in enabling anonymous instant messages between users.

 The Onion Router or Tor enables users to browse through the web anonymously by routing their connections through a sequence of various computers and in the process encrypt the data. Prof Woodward had mentioned on his blog that there had not been a similar increase in .onion sites in the history of Tor network.

He had informed BBC that something unprecedented has been happening though at moment that is all what they are aware of. Dr Steven Murdoch at the University College London had mentioned that it is hard to know for certain what could be the reason for the jump. One of the objectives of Tor is to protect people’s privacy by not revealing how they are using Tor.

Rise in the Use of Ricochet - Chat App

Another interest defined by Prof Woodward was that inspite of the rise of hidden addresses; traffic on the network had not perceived a similar spike. He informed that it could be a coincidence that the spike could be due to a network of computers called a botnet unexpectedly using Tor or the hackers had been launching ransonware attacks.

It could also be the outcome of malware which could be creating unique .onion addresses when it tends to infect a user’s computer, though there seems to be no evidence for it. Prof Woodward also mentioned that he is of the belief that a rise in the use of an anonymous chat app known as Ricochet that has just received a huge positive security audit could be the most probable explanation.

Dr Murdoch had stated that this could be a possibility, adding that the spike could also be the result of someone running an experiment on Tor.

Ricochet Use Tor Network in Connecting Two Users

Ricochet tends to use the Tor network in setting up connections between two users who prefer to chat securely. The app’s website states that the same is accomplished without disclosing the locations or the IP address of the users and instead a username, each of the participants tend to receive a unique address like `richchet:rs7ce36jsj24ogfw’.

Though Ricochet had been available for some time, on 15 February reasonably positive results of an audit by security firm NCC Group had been published. Prof Woodward had mentioned on his blog that every new user of Ricochet would have to create a unique onion address while setting up the service and that could account for the flow in services. But he also admitted that 25,000 new users in just a matter of few days for the app, could recommend remarkable growth.

Tor confirmed malicious code that grabbed user identification

The Malicious code was distributed over the web host Freedom Hosting; malicious code actually serves to identify Tor users. This was confirmed by the anonymous project. The malicious code is injected via vulnerability in Firefox. In an analysis of the Tor team has now confirmed that yesterday only came to the knowledge. The malicious code is used for identifying users of the Tor network and the information is sent to a company that works together with the secret. The malicious code targeting to grab used in the Tor Browser Bundle version of Firefox 17.0.6 on Windows. That is now known as the magnetosphere malicious code detected by analysis of the host name and MAC address of the attacked computer and transmits the collected information to the IP address 65.222.202.53, which is hard-coded into the malware. The command-and-control server belongs to the company Science Applications International Corporation, which is close to the FBI and the intelligence community. The IP address belongs to the Autonomous System (AS) the NSA. Mozilla was the weak point in Firefox ESR 17.0.7 and Firefox 22.0 which was later resolved on 25 June 2013. Updated versions of Firefox had been rolled out the next day in the Tor Browser Bundle 2.3.25-10 and 2.4.15-1-alpha, 30 June 2013 and 8 in 3.0alpha2 July 2013 entered into 2.4.15-alpha-1. The vulnerability in the browser is also available in versions for Mac OS X and Linux, but the malware grab apparently only Windows machine, then writes the Tor team in a statement.

It assumes that the attacker has a list of Tor users who use the hidden services of the web host Freedom Hosting. Freedom Hosting uses Tor Hidden Services among others for the provision of anonymous websites. There, among other Web sites with pedophile content provided. In addition, the web hosts connections to reputed Silkroad online drug market. The Tor team, meanwhile, advises users urged to update their Tor Browser Bundle. In addition, users should disable Javascript. In future releases, there will be an easy-to-use interface that allows the use of Javascript can be configured. Since the future also other may be vulnerabilities in Firefox, CSS or SVG are expected to users should also consider using a random MAC address. This is possible, for example, in virtual machines like VirtualBox or VMware. The Tor team also advises to use a firewall to prevent such compounds to command-and-control servers. As an alternative to Windows recommend the Tor makers the live distribution tails. The team also asks for help in the implementation of sandboxes and virtualized solutions for the Tor Browser Bundle.