An attacker has managed to compromise the security of the Tor browser. Details are now emerging of how a hacker managed to take advantage of the inbuilt features of the browser to carry out an attack that forces the browser to expose the real identity of users. Here are three things about the news that you need to know.
What exactly happened?
An attacker managed to take advantage of a small memory error in the Firefox browser using a zero-day exploit. The attacker managed to alter the manner in which the conventional web browser works as part of the exploit. As a result, individuals who have been using the new version of the browser that was released back in September may have been exposed.
How do users lose their identity?
The attackers then force your machine to contact a particular server. The server has a unique code that it sends to your computer. The code forces your computer to reveal specific information that hackers use to unmask your identity.
The identity of the attackers
So far, we do not know the identity of the person behind the zero-day exploit. Interestingly, there are several conspiracy theories about the identity of the attacker now in existence. For example, one theory is that the attacker might even be a state agency. The basis of this theory is that back in 2013, the FBI used a similar approach when attacking VPN users. Also, the zero-day attack has been traced to the servers of a leading French web hosting service. The company is yet to issue a statement about the issue.
What should you do now?
Firefox says that it is fixing the flaw. However, for the sake of your security, you should avoid using a VPN service on your Firefox browser. It is advisable to change your browser for a while until Firefox fixes the problem.