Thursday, August 08, 2013
TOR browser hacked, leading to vulnerabilities that could identify users to hostile governments; ordinary browser updates urged
Electronic Frontier Foundation is reporting that the TOR browser was recently hacked, probably Sunday, by a java vulnerability that would allow “law enforcement” in non-democratic countries to harvest IP addresses of anonymous users and also identify the services that they use.
The browser vulnerability appears in Firefox 21 or earlier, Thunderbird 17.06 or earlier, or Sea Monkey 2.18 or earlier.
It is believe that the hack was police related, but the possible country was not identified.
Dan Auerbach has the story at EFF here.
TOR does not by itself provide automatic security updates.