SoylentNews is people

posted by takyon on Tuesday August 01 2017, @08:52AM
from the click-our-summary's-specially-crafted-URLs dept.

"This release features an important security update to Tor Browser for Linux users. On Linux systems with GVfs/GIO support Firefox allows to bypass proxy settings as it ships a whitelist of supported protocols. Once an affected user navigates to a specially crafted URL the operating system may directly connect to the remote host, bypassing Tor Browser. Tails and Whonix users, and users of our sandboxed Tor Browser are unaffected, though."

  • (Score: 1, Insightful) by Anonymous Coward on Tuesday August 01 2017, @12:30PM (#547607)

    You need to have the system running TBB on an isolated network with a firewalled proxy that in turn only allows Tor connections out. If you did this, as I have, then this direct connect exploit doesn't affect you.

    A VM might be a less secure alternative, but physical system isolation is still the best bet, especially with dumb non-embedded ethernet devices just in case any of the management engine systems in use actually CAN be triggered with coded ethernet/IP messages.

  • (Score: 0) by Anonymous Coward on Wednesday August 02 2017, @08:57PM (#548111)
    That system probably has to run something popular too. Otherwise if you're the only person in the world running it, it starts becoming more and more identifying ;).
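
The isolated-network setup described in the first comment also gives the gateway a way to see a proxy bypass: any packet from the browser network that is not addressed to the Tor proxy is a direct connection. The following is an added example, not code from the post or from either commenter; the subnet, proxy address, SOCKS port 9050 and the log lines are all assumptions constructed for illustration.

```python
import re
from ipaddress import ip_address, ip_network

# Assumed layout (not from the page): browser hosts sit on 10.152.0.0/24 and
# may only reach the Tor SOCKS proxy at 10.152.0.1, TCP port 9050.
ISOLATED_NET = ip_network("10.152.0.0/24")
PROXY = (ip_address("10.152.0.1"), "TCP", 9050)

# netfilter LOG lines are a run of KEY=value tokens (the value may be empty).
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse(line):
    """Return the KEY=value fields of one netfilter LOG line as a dict."""
    return dict(FIELD.findall(line))

def find_bypasses(lines):
    """Return (src, dst, proto, dport) for every logged packet that left the
    isolated network for anything other than the proxy's SOCKS port."""
    hits = []
    for line in lines:
        f = parse(line)
        if "SRC" not in f or "DST" not in f:
            continue                      # not a packet log line
        src, dst = ip_address(f["SRC"]), ip_address(f["DST"])
        if src not in ISOLATED_NET:
            continue                      # e.g. the gateway's own Tor traffic
        proto = f.get("PROTO", "?")
        # ICMP and similar have no DPT; treat the port as None and flag them.
        dport = int(f["DPT"]) if f.get("DPT", "").isdigit() else None
        if (dst, proto, dport) == PROXY:
            continue                      # the one permitted flow
        hits.append((str(src), str(dst), proto, dport))
    return hits

# Constructed sample log lines (documentation address ranges).
SAMPLE = [
    "kernel: FWD IN=eth1 OUT= SRC=10.152.0.23 DST=10.152.0.1 LEN=60 PROTO=TCP SPT=40112 DPT=9050 SYN",
    "kernel: FWD IN=eth1 OUT=eth0 SRC=10.152.0.23 DST=203.0.113.40 LEN=60 PROTO=TCP SPT=40120 DPT=445 SYN",
    "kernel: FWD IN=eth1 OUT=eth0 SRC=10.152.0.23 DST=198.51.100.53 LEN=71 PROTO=UDP SPT=51000 DPT=53",
    "kernel: OUT IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.9 LEN=60 PROTO=TCP SPT=33000 DPT=9001 SYN",
    "kernel: FWD IN=eth1 OUT= SRC=10.152.0.23 DST=10.152.0.1 LEN=60 PROTO=TCP SPT=40130 DPT=22 SYN",
]

if __name__ == "__main__":
    for hit in find_bypasses(SAMPLE):
        print("direct connection attempt:", hit)
```

On a gateway that drops and logs everything except the proxy flow, each reported entry is a connection the browser host tried to make outside Tor and that the firewall stopped.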