The only reason the Tor project allows JavaScript to be on by default in the Tor browser is usability. JavaScript), then they may be hard pressed to find a viable exploit even if they have access to zero days etc. If the vectors for these zero-days are disabled (e.g. the FBI), they have access to zero-day exploits. In the case of a serious adversary like a state-backed entity (e.g. In general, enabling JavaScript opens the surface area for many more potential attacks against a web browser. You can read more about it in Ars Technica. This caused the computers to call back to an FBI server from their real, non-anonymized IP, leading to the deanonymization of various users. The FBI kept servers online, and then installed javascript paylods which exploited a zero-day exploit in Firefox. The first major incident where this happened was with the "Freedom Hosting" seizure by the FBI. There are a number of known vulnerabilities, that have been used, to deanonymize Tor users via leveraging JavaScript.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |