TOR is warning Internet users to abandon Windows after it was revealed that American spooks were spreading malware on the popular anonymizing network by exploiting a Firefox zero-day vulnerability. The vulnerability allowed the FBI to use JavaScript code to harvest crucial identifying data from PCs visiting some services over The Onion Router network.
TOR developers suggest that users simply switch away from Windows. The reason is that the malicious JavaScript, which exploited the zero-day vulnerability, was created to target Windows PCs running Firefox 17 ESR, a version customized to view websites through TOR.
In the meantime, people using Linux and OS X remained unaffected. Although there’s nothing to stop the spooks from writing a version of the code targeting Linux and OS X, it is still less likely to happen. It seems that the fake JavaScript was planted on services where the attacker was interested in seeing who visited. It collected the hostname and MAC address of a user’s PC and sent them to a remote computer. This exploit was targeted specifically at unmasking people using the Tor Browser Bundle, without actually installing any backdoors on their host.
The TOR developers also recommended that people turn off JavaScript by clicking the blue "S" by the green onion within the TOR browser. They explained that disabling JavaScript may reduce users’ vulnerability to other attacks similar to the last one. However, disabling JavaScript would make some online services not work as users expect. A future version of the browser will have an easier interface to allow people to configure their JavaScript settings. Although Mozilla has already patched the hole in Firefox, some users may still be using earlier versions of the TOR Browser Bundle.