Tor Project Sets Up Cloud Bridge Project on Amazon EC2

The Tor Project has started a new system designed to help people start and run Tor bridges in the cloud using Amazon’s EC2 platform. The Tor Cloud runs on Amazon’s new micro-instance tier that lets people run instances for free for the first year. Tor is used by people around the world to help...

New Tor Release Fixes De-Anonymization Attack

The Tor Project has released a new version of its client software to fix a serious vulnerability that allows an attacker to strip users of their anonymity on the network. The new version also includes a number of other security and privacy fixes. The attack that enables the anonymity stripping...

Security Solutions for Beast attack against SSL/TLS Vulnerability

Security Solutions for Beast attack against SSL/TLS Vulnerability Juliano Rizzo and Thai Duong presented a new attack on Transport Layer Security TLS at the Ekoparty security conference in Buenos Aires, Argentina. The researchers found that encryption, which should protect us, when we connect to...

Diginotar Keeping Tor Project In The Dark On Fraudulent Certificates

A co-founder of The Tor Project says his organization is being kept in the dark about the status of a dozen fraudulent SSL certificates issued in its name by a compromised root server operated by Diginotar. The bogus certificates could be used to carry out man in the middle attacks, or trick...

Dutch Site Claims Mozilla, Yahoo, WordPress, Tor Project All Targets in DigiNotar Attack

There are more signs that a July compromise of DigiNotar, a certificate authority based in the Netherlands, may have been driven by political motives. A Dutch Web site, nu.nl, reported on Wednesday that digital certificates belonging to Mozilla, Yahoo.com, WordPress and The Tor Project were among...

Attacking and Defending the Tor Network

BOSTON–The Tor Project has become a vital mechanism for privacy advocates, human rights activists, journalists and others in sensitive positions to evade online censorship and persecution. And while the governments interested in limiting user access to the Internet and controlling content have ha...

Debian DSA-2199-1 : iceape - ssl certificate blacklist update

This update for the Iceape internet suite, an unbranded version of SeaMonkey, updates the certificate blacklist for several fraudulent HTTPS certificates. More details can be found in a blog posting by Jacob Appelbaum of the Tor project. The oldstable distribution lenny is not affected. The iceap...

EFF and Tor Launch HTTPS Everywhere Firefox Extension

Two prominent privacy-rights organizations, the Tor Project and the Electronic Frontier Foundation, have launched a new Firefox extension that encrypts all of the browser’s communications with some prominent Web sites. The extension, called HTTPS Everywhere, is designed to create secure HTTPS...

Tor Servers Hacked

Two of the seven directory authority servers that the Tor Project uses to run its anonymous browsing service have been compromised, along with a new server that the project uses to host metrics and graphs. The project’s organizers discovered the attack earlier this month and are advising users wh...

tor-devel -- DNS resolution vulnerability

The Tor Project reports: A malicious exit relay could convince a controller that the client's DNS question resolves to an internal IP address...