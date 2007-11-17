Stories
Critical Tor Flaw Leaks Users’ Real IP Address

posted by Fnord666 on Tuesday November 07, @06:32PM   Printer-friendly
MrPlow writes:

TorMoil, as the flaw has been dubbed by its discoverer, is triggered when users click on links that begin with file:// rather than the more common https:// and http:// address prefixes. When the Tor browser for macOS and Linux is in the process of opening such an address, "the operating system may directly connect to the remote host, bypassing Tor Browser," according to a brief blog post published Tuesday by We Are Segment, the security firm that privately reported the bug to Tor developers.

On Friday, members of the Tor Project issued a temporary work-around that plugs that IP leak. Until the final fix is in place, updated versions of the browser may not behave properly when navigating to file:// addresses. They said both the Windows versions of Tor, Tails, and the sandboxed Tor browser that's in alpha testing aren't vulnerable.

Source: https://arstechnica.com/information-technology/2017/11/critical-tor-flaw-leaks-users-real-ip-address-update-now/

  • (Score: 2) by looorg on Tuesday November 07, @07:09PM

    So for how long as that feature existed? Forever (or well since the beginning of the product)? All your secret surf time not to secret after all ...

