Tor Browser 11.0.2 has already been released and comes with some fixes

The release of Tor Browser 11.0.2, a specialized browser focused on guaranteeing anonymity, security and privacy, was recently announced. When using the Tor browser, all traffic is routed exclusively through the Tor network; no direct connection is made over the system's standard network connection, so the user's real IP address cannot be traced.

The new version is synchronized with the Firefox 91.4.0 code base, which fixes 15 vulnerabilities, 10 of which are rated as dangerous.

7 of the vulnerabilities are caused by memory problems, such as buffer overflows and use of already freed memory, and could potentially lead to execution of attacker-controlled code when a specially crafted page is opened.

Also, some TTF fonts were removed from the Linux build, since their use broke text rendering in interface elements on Fedora Linux.

It is also mentioned that the "network.proxy.allow_bypass" preference, which controls the protection against misuse of the Proxy API by extensions, has been disabled, and that a new obfs4 bridge, "deusexmachina", is now enabled by default.

On the attack on Tor

On the other hand, it is also worth noting the publication of a new report on possible attempts to de-anonymize Tor users, attributed to a group known as KAX17, which is identified by a specific fake contact email in the relay parameters.

During September and October, the Tor Project blocked 570 potentially malicious nodes. At its peak, the KAX17 group managed to bring the number of nodes it controlled on the Tor network to 900, hosted by 50 different providers, which corresponds to about 14% of the total number of relays (by comparison, in 2014 attackers managed to gain control over almost half of Tor relays, and in 2020 over more than 23.95% of exit nodes).

Hello everyone!

Some of you may have noticed that there is a visible drop in relays on our consensus-health website. [1] The reason for this is that yesterday we removed approximately 600 relays from the network. In fact, only a small fraction of them held the Guard flag, so the vast majority were middle relays. We don't have any evidence that these relays were carrying out any attacks, but there are possible attacks that relays could perform from the middle position. So we decided to remove those relays for the sake of our users' safety.

While we had already been tracking some of the relays for a while, a large chunk of them was also independently reported by a cypherpunk, and nusenu helped analyze the data. Thanks to both of them from our side.

Operating a large number of nodes under a single controller makes it possible to de-anonymize users through a Sybil-class attack, which succeeds if the attacker controls both the first and the last node in the anonymization chain. The first node in a Tor circuit knows the user's IP address and the last node knows the IP address of the requested resource; the request can be de-anonymized by having the entry node add a hidden tag to packet headers that remain unchanged along the entire chain and having the exit node parse that tag. With controlled exit nodes, attackers can also modify unencrypted traffic, for example by stripping redirects to HTTPS versions of sites and intercepting unencrypted content.

According to representatives of the Tor network, most of the nodes removed in the fall were used only as middle nodes, not to process incoming (entry) or outgoing (exit) requests. Some researchers point out that the nodes belonged to all categories and that the probability of a user's entry node being controlled by the KAX17 group was 16%, and of the exit node 5%. Even so, the overall probability of a user simultaneously hitting both an entry and an exit node from the group of 900 nodes controlled by KAX17 is estimated at 0.8%. There is no direct evidence that KAX17 nodes were used to carry out attacks, but such attacks cannot be excluded.
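As an added illustration of the exposure estimate above (not code from the article or the Tor Project), the snippet below groups relays by their ContactInfo string, the same field that identified KAX17, and computes the bandwidth-weighted share of guard and exit capacity one contact holds along with the joint entry-and-exit probability. Relay names, contact strings and weights are constructed sample data.

```python
# Added example (not from the article or the Tor Project): estimate how much of
# a Tor network's guard and exit capacity one operator controls by grouping
# relays on their ContactInfo string, and derive the chance that a single
# circuit uses that operator at both the entry and the exit position.
from dataclasses import dataclass


@dataclass(frozen=True)
class Relay:
    nickname: str
    contact: str        # ContactInfo field from the relay descriptor
    bandwidth: int      # consensus weight used for path selection
    flags: frozenset    # e.g. {"Guard", "Exit", "Running"}


# Constructed sample; contacts and weights are made up for illustration.
SAMPLE_RELAYS = [
    Relay("alpha",   "ops@example-good.org",     5000, frozenset({"Guard", "Running"})),
    Relay("bravo",   "ops@example-good.org",     3000, frozenset({"Exit", "Running"})),
    Relay("sybil1",  "fake-contact@example.net", 4000, frozenset({"Guard", "Running"})),
    Relay("sybil2",  "fake-contact@example.net", 1000, frozenset({"Exit", "Running"})),
    Relay("sybil3",  "fake-contact@example.net", 2000, frozenset({"Running"})),  # middle only
    Relay("charlie", "other@example.com",        1000, frozenset({"Guard", "Exit", "Running"})),
]


def weighted_share(relays, flag, contact):
    """Fraction of total consensus weight carrying `flag` that belongs to `contact`."""
    total = sum(r.bandwidth for r in relays if flag in r.flags)
    owned = sum(r.bandwidth for r in relays if flag in r.flags and r.contact == contact)
    return owned / total if total else 0.0


def sybil_exposure(relays, contact):
    """Return (guard_share, exit_share, both): `both` is the probability that a
    circuit picks this operator at entry and exit, treating the two choices as
    independent, the same simplification behind the 16% * 5% ~= 0.8% estimate."""
    g = weighted_share(relays, "Guard", contact)
    e = weighted_share(relays, "Exit", contact)
    return g, e, g * e


def operators_by_share(relays, flag, threshold):
    """Contacts holding more than `threshold` of `flag` capacity: a basic health check."""
    contacts = {r.contact for r in relays}
    return sorted(c for c in contacts if weighted_share(relays, flag, c) > threshold)


if __name__ == "__main__":
    print(sybil_exposure(SAMPLE_RELAYS, "fake-contact@example.net"))
    print(operators_by_share(SAMPLE_RELAYS, "Guard", 0.3))
```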

Finally, if you are interested in learning more about it, you can check the details at the following link.

