Tuesday, August 6, 2013

TorBrowser Security HELL: Manually Update TorBrowser to v2.3.25-10 or above NOW!


If you are a TorBrowser user and have not updated it since June 2013, it is URGENT, CRITICAL, IMPORTANT that you manually update (automatic update FAILs!) to the most recent version NOW! Got that? NOW!

There is a nasty bug in TorBrowser whereby the version of Firefox it uses will NOT update you to the latest version. It literally LIES to you, claiming that you have the latest version. My screenshot image above proves this! If that version happens to be Firefox v17.0.6, you are living in Security HELL. Tor is betraying you and letting evil SURVEILLANCE RATS compromise your anonymity. IOW: It's a total Tor FAIL.

Therefore, if you are using TorBrowser v2.3.25-8 or -9 you must MANUALLY go to the Tor website, download the latest version and install it NOW!


Because I attempt to keep this blog on the level of an average Mac user, and because this SEVERE compromising of TorBrowser has been widely covered elsewhere, I'm not going to provide details here. Instead, here is a series of links describing the problem as well as theories as to who the evil SURVEILLANCE RATS might be:

Tor security advisory: Old Tor Browser Bundles vulnerable

Investigating Security Vulnerability Report
-Mozilla Security Blog

Attackers wield Firefox exploit to uncloak anonymous Tor users

Publicly available exploit threatens all Tor users unless they take action now. 
-Dan Goodin @ars technica

Update: Researchers say Tor-targeted malware phoned home to NSA

JavaScript attack had a hard-coded IP address that traced back to NSA address block. 
-Sean Gallagher @ars technica

by Cryptocloud_Team » 05 Aug 2013 13:34

To the TOR Project:

The TorBrowser project is not working. You have GOT to either keep up with EVERY Firefox update or program in a SERIOUS auto-updating system. REMOVE the LIAR code in your implementation of Firefox that tells the user it is up-to-date with the browser when it is NOT!

IOW: Using TorBrowser is DANGEROUS, potentially a way to HURT users rather than protect them. Therefore, immediate change in the project is REQUIRED NOW. You can't delay and expect TorBrowser to maintain its reputation. It won't. It will be marked as a FAILed project. Consider my warning here as one very deliberate mark AGAINST TorBrowser. I'll continue to rail on about this problem UNTIL you fix it permanently. I'm that vehement about real Internet user security. 

Please communicate with me and my Mac security interest group about this situation. We'd be pleased to assist.

:-Derek Currie

