10:00 AM
El DiPablo
We reported last Tuesday that some malicious code was found that exploits a vulnerability in Firefox, and is used to snoop on Tor users. All evidence says that the exploit was developed and deployed by U.S. government contractors for the NSA.
In response to the news the folks at the Tor Project have issued a warning to Tor users; STOP USING WINDOWS, AND STOP USING JAVASCRIPT!
From IT World:
The TOR Project is advising that people stop using Windows after the discovery of a startling vulnerability in Firefox that undermined the main advantages of the privacy-centered network.If you haven't switched to Linux yet I recommend doing so now. If you didn't know, I have my own flavor of Linux called Bauer-Puntu Linux that has many anti-government encryption and security tools installed by default to protect your privacy.
The zero-day vulnerability allowed as-yet-unknown interlopers to use a malicious piece of JavaScript to collect crucial identifying information on computers visiting some websites using The Onion Router (TOR) network.
"Really, switching away from Windows is probably a good security move for many reasons," according to a security advisory posted Monday by The TOR Project.
The TOR Project's reasoning comes from the characteristics of the malicious JavaScript that exploited the zero-day vulnerability. The script was written to target Windows computers running Firefox 17 ESR (Extended Support Release), a version of the browser customized to view websites using TOR.
People using Linux and OS X were not affected, but that doesn't mean they couldn't be targeted in the future. "This wasn't the first Firefox vulnerability, nor will it be the last," The TOR Project warned.
