Dec 03, 2016 12:17 PM EST
Mozilla Firefox And Tor Rolls Out Critical Updates To Block Active Zero-Day Attacks [Video]
Mozilla and Tor rolled out critical patches to their browsers yesterday to block a live attack that is specifically aimed to unmask users of the Firefox-based Tor Anonymity network.
A Tor official issued an announcement saying that the security flaw is found to be active on Windows systems, though no indications have been found exploiting the same on OS X and Linux platforms, the underlying bug still makes the system vulnerable and advised users to update their Tor Browsers immediately as well, Arstechnica reported.
Reacting to the discovery, Mozilla security official Daniel Veditz said the vulnerability has been fixed in the immediate release of a Firefox update for mainstream users. Veditz said they received a copy of the attack code that targeted a previously unknown vulnerability in Firefox. The attack collects real IP and MAC addresses of Windows systems and sends it to a central server, Veditz said.
They found that the attack code is similar to that used by the FBI in 2013 to unmask Tor-protected users and track down those who are engaged in trading child pornography. Veditz wrote in his blog that the uncanny similarity of the code suggests that the exploit was created by the FBI or another law enforcement agency, however, he added that they are not sure whether this is the case.
A 2015 investigation revealed that the FBI used the same method to identify users of a pedophile site Playpen. The judge presiding over the case ordered the agency to detail how it hacked a defendant's computer. A Judge in a related case revealed in a court filing that the FBI had used a "non-publicly-known vulnerability" to hack into suspected individuals on Tor, Motherboard reported.
Veditz stated that this latest incident if it does involve the government clearly, illustrates a problem with law enforcement using zero-day exploits. He stresses that now that it has been published and used by anyone to attack Firefox users demonstrate government's limited hacking can become a threat to the broader web.
See Now: Facebook will use AI to detect users with suicidal thoughts and prevent suicide© 2017 University Herald, All rights reserved. Do not reproduce without permission.
Join the Conversation