TOR Project: Stop using Windows, disable JavaScript

August 6, 2013 – 5:11 AM

The TOR Project is advising that people stop using Windows after the discovery of a startling vulnerability in Firefox that undermined the main advantages of the privacy-centered network.

The zero-day vulnerability allowed as-yet-unknown interlopers to use a malicious piece of JavaScript to collect crucial identifying information on computers visiting some websites using The Onion Router (TOR) network.

“Really, switching away from Windows is probably a good security move for many reasons,” according to a security advisory posted Monday by The TOR Project.

The TOR Project’s reasoning comes from the characteristics of the malicious JavaScript that exploited the zero-day vulnerability. The script was written to target Windows computers running Firefox 17 ESR (Extended Support Release), a version of the browser customized to view websites using TOR.

People using Linux and OS X were not affected, but that doesn’t mean they couldn’t be targeted in the future. “This wasn’t the first Firefox vulnerability, nor will it be the last,” The TOR Project warned.

The JavaScript was likely planted on certain websites that the attacker wanted to see who came to visit. The script collected the hostname and MAC (Media Access Control) address of a person’s computer and sent it to a remote computer, the exact kind of data that TOR users hope to avoid revealing while surfing the Internet.

Source:
http://news.techworld.com/security/3462476/tor-project-stop-using-windows-disable-javascript/

You must be logged in to post a comment.