The latest update for privacy-minded folks’ favorite way to surf the web should make others’ attempts at tracking what they do even more difficult. The Tor browser’s 7. 0 version introduces a sandbox feature that, according to an interview on the Tor blog , should “make life a lot harder” for people using a Firefox exploit to discern the identities of a user. “It’s like Plato’s Allegory of the Cave, ” Tor developer Yawning Angel said. “The only reality Tor Browser knows is inside of the sandbox (cave). We prevent it from interacting with the rest of your computer (the outside world), except via the Tor Network (shadows on the wall).” The college philosophy class you barely remember aside, what the sandbox does is hides your files, your real IP address and your MAC address from the browser. Therefore, “the amount of information Tor Browser will learn about your computer, and thereby you, will be limited, ” Angel said. At the time of that interview last October, the sandbox was still unstable and very much in testing, but the recent update has brought the digital safe-zone online for Linux and macOS, and by default. Next up? Sandbox protection for Windows users. The update also imposes a few new requirements for users on Windows and macOS: Tor apparently won’t work on non-SSE2-capable Windows hardware and you need to be running OSX 10.9 or higher on Apple machines. Considering that last year a federal judge said that the FBI no longer needs warrants to hack a computer connected to the internet, this is an important update. “Even an internet user who employs the Tor network in an attempt to mask his or her IP address lacks a reasonable expectation of privacy in his or her IP address, ” judge Henry Coke Morgan, Jr commented at the time. For the full rundown of what’s changed with the browser, hit the source links below. Source: Tor (1) , (2)
Read More:
Tor Browser 7.0 works harder to protect your anonymity on its own
An anonymous reader writes: Microsoft’s security team has come across a malware family that uses Intel’s Active Management Technology (AMT) Serial-over-LAN (SOL) interface as a file transfer tool. The problem with Intel AMT SOL is that it’s part of Intel’s ME, a separate chip inside Intel CPUs that runs its own OS and stays on even when the main CPU is off. Inside Intel’s ME, AMT SOL opens a virtual network interface which works even when the PC is turned off. Furthermore, because this virtual network interface runs inside ME, firewalls and security products installed on the main OS won’t detected malware using AMT SOL to exfiltrate data. The malware was created and used by a nation-state cyber-espionage unit codenamed PLATINUM, active since 2009, and which has targeted countries around the South China Sea. PLATINUM is by far one of the most sophisticated hacking groups ever discovered. Last year [PDF], the OS maker said the group was installing malware by abusing hotpatching — a mechanism that allows Microsoft to issue updates that tap into active processes and upgrade applications or the operating system without having to reboot the computer. Details about PLATINUM’s recent targets and attacks are available in a report [PDF] Microsoft released yesterday. Read more of this story at Slashdot. 