The administrators of the Tor Project, which powers the onion router system of the same name, are advising Tor users to stop using the system on a Windows-powered machine.
Freedom Hosting, a Dark Net hosting site hidden behind the walls of the Tor anonymizer, was recently hacked and Eric Eoin Marques, dubbed the “largest facilitator of child porn on the planet” by the FBI, was arrested in Ireland.
The hack used a Firefox vulnerability in JavaScript to introduce a bug that seemed to solely attack Microsoft Windows users.
“To be clear,” wrote Tor’s Roger Dingledine, “while the Firefox vulnerability is cross-platform, the attack code is Windows-specific.”
If you’re legit and don’t want your info exposed, use a different operating system.
Tor is used in part by political dissidents, human rights activities, and NGOs to fly under the radar of overzealous surveillance states and the exposure of their identities could get them, or the people they work with and for, killed.
The advisory also encouraged people to upload the latest version of Tor, which uses a version of Firefox not carrying the vulnerability.
It also suggested people turn off their JavaScript. Although that could change the way some sites load, Java has been a rich source of exploits for hackers for some years. It is so bad, in fact, that even the U.S. government warned people to hit the kill switch.
“JavaScript is one big vector for attack,” wrote Dingledine.
H/T BBC Photo by Microsoft Advertising/Flickr