Tor Gets Help to Anonymise Users of 'dark web'

Uploaded on 2015-09-15 in NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

121_rc_fig2_lg.jpg

Internet Assigened Number Authoority (iana): Address Distribution Hierarchy for the Internet

Information about who is using Tor can leak when computers do not know what to do with the network's data and the Tor network is being given help to keep secret what is done via the "dark web" system.

Two proposals have won approval from key Internet bodies that will limit how widely information is shared about sites hosted on Tor. Some of this information has previously been leaked, potentially giving attackers a way to track users.

The move should also make it easier for sites that are hosted on Tor to encrypt data passing to and from users.

Tor, or The Onion Router, lets people browse the web anonymously by shuttling data through several different computers and encrypting it at every step. This network has also become host to many sites that use a .onion suffix in a similar way to the way domains such as .com and .org are used on the world wide web. Many different organisations, including Facebook, whistle-blowing sites and drug marketplaces, use .onion sites because they help to protect the identity of their users. Before now, when the names of .onion sites were included in some applications many computers tried to locate them by consulting the web's public lists of where all websites are found.

The query would produce no useful location information but could be used by eavesdroppers to track down people using the anonymising Tor network.

Privacy campaigners Jacob Appelbaum and Alec Muffet have tabled two proposals designed to stop this data leakage by giving the .onion domain special status and by making developers handle the suffix properly. This would stop computers and browsers looking on the web for information about sites that only exist on Tor.

Iana, the net administration body that oversees domains, approved the Tor.onion domain proposal this week. In addition, the Internet Engineering Task Force, which works on ways to improve the net, has accepted the other proposals that should stop web applications and programs wrongly seeking information about Tor sites. Together, the two proposals will also make it easier for .onion sites to add encryption to protect users further.

"This enables the Tor.onion ecosystem to benefit from the same level of security you can get in the rest of the web," Richard Barnes, Mozilla's security head for Firefox told news site Motherboard. "It adds a layer of security on top."

BBC:   ImageCisco

 

 

« Over 90% of UK Police Requests to Access Calls & Emails Are Granted
Cybersecurity Is A Competition Issue For Business »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Securosis

Securosis

Securosis is an information security research and advisory firm dedicated to improving the practice of information security.

Defense Advanced Research Projects Agency (DARPA)

Defense Advanced Research Projects Agency (DARPA)

DARPA's mission is to develop breakthrough technologies for national security. The Information Innovation Office undertakes cyber security activities.

MobileIron

MobileIron

MobileIron provides EMM capabilities to IT organizations that need to secure mobile devices, applications and content.

Cyber Security & Information Systems Information Analysis Center (CSIAC)

Cyber Security & Information Systems Information Analysis Center (CSIAC)

CSIAC is chartered to leverage best practices and expertise from government, industry, and academia on cyber security and information technology.

Mexis

Mexis

Cyber Security Specialists

Cyber Security Specialists

Cyber Security Specialists Limited provide Security services across a wide range of markets, from multi-national Corporate Organisations and Government Agencies, through to smaller Businesses.

World Congress on Industrial Control Systems Security (WCICSS)

World Congress on Industrial Control Systems Security (WCICSS)

The World Congress on Industrial Control Systems Security (WCICSS) is focused on emerging trends in protection of industrial control systems.

LinkShadow

LinkShadow

LinkShadow is a next-generation cybersecurity solution that provides unparalleled detection of even the most sophisticated threats.

Communicate Technology

Communicate Technology

Communicate Technology are IT, telecoms and cyber-security specialists, keeping over 500 businesses and 50,000 users connected and secure across the UK.

gener8tor

gener8tor

The gener8tor Cybersecurity Accelerator offers a cutting-edge program in San Antonio, home to the second-largest concentration of cybersecurity experts in the United States.

Zigrin Security

Zigrin Security

Zigrin Security offer comprehensive, hands-on security testing of internal networks, applications, cloud-based solutions, e-commerce applications and mobile devices.

CyberMaxx

CyberMaxx

At CyberMaxx, our approach to cybersecurity provides end-to-end coverage for our customers – we use offense to fuel defense.

Blackwired

Blackwired

Blackwired has established a new category in cyber security with an intelligence-led model based on the USMC’s Combat Hunter programme ‘Left of Bang’.

Frenos

Frenos

The Frenos Platform helps enterprises understand their most probable attack paths while highlighting the most effective risk mitigations to deter and defend against today’s adversaries.

Socket

Socket

Socket protects software applications and critical services from malware and security threats originating in open source code.

Point Wild

Point Wild

Point Wild is a holding company that acquires, integrates and manages a diverse portfolio of best-in-class cybersecurity brands for consumers and enterprises.