56 matches found
CVE-2020-26230
CVE-2020-26230 affects Radar COVID (Spain) where positives uploading TEKs to the backend can be identified/de-anonymized by an on-path observer. Root cause: backend communication is made only by COVID-19 positives, enabling traffic correlation across networks (MNOs/ISPs/VPNs or on-path attackers)...
Imgur: De-anonymization Attack: Cross Site Information Leakage
Dear Imgur Security Team, We are researchers at the IMDEA Software Institute in Madrid, Spain. We have been working on analyzing Cross-Site Browser Leaks xsleaks and building a tool for finding instances of it on target web sites. Recently we tested imgur.com and discovered a flaw that can affect...
Tor Browser 7.0.8 Information Disclosure
Hi, there is the details for CVE-2017-16541 Tor Browser information disclosure, More infos at: https://www.wearesegment.com/research/tormoil-deanonymize-tor-browser-users-with-automount/ Tor Browser version 7.0.8, and probably prior, for Mac OS X and Linux, is affected by an information disclosur...
Browser Side-Channel Flaw De-Anonymizes Facebook Data
A side-channel vulnerability in Google Chrome and Mozilla Firefox allows drive-by de-anonymization of Facebook users. An exploit would allow an attacker to pick up the profile picture, username and the “likes” of unsuspecting visitors who find themselves landing on a malicious website – with no...
Tor: De-anonymization by visiting specially crafted bookmark.
There is a way to import logs in 'about:memory' from local disk, however, tested on windows you can pass a network url that may point to attack controlled server which logs IP's. This connection is done by windows presumably and so doesn't hide real IP of Tor user. 1. Have victim drag and drop an...
Dangerous liaisons
It seems just about everyone has written about the dangers of online dating, from psychology magazines to crime chronicles. But there is one less obvious threat not related to hooking up with strangers – and that is the mobile apps used to facilitate the process. We're talking here about...
Деанонимизация пользователей Darknet(TOR, i2p(d), etc) & SOX &VPN аудиозакладками
Вообщем то ссылка на 33с3 уже была запощена в основном топике, но я хотел бы акцентировать общее внимание на презентацию Talking Behind Your Back On the Privacy & Security of the Ultrasound Tracking Ecosystem от Vasilios Mavroudis и Federico Maggi. Вкратце, суть такова: В 2012 году была основана...
Alpha Version of Sandboxed Tor Browser Released
A sandboxed version of the Tor Browser was released over the weekend, and while there are still some rough edges and bugs – potentially major, according to the developer– it could be the first step toward protecting Tor users from recent de-anonymization exploits. Yawning Angel, a longtime Tor...
Selfrando Technique Mitigates Attacks Unmasking Tor Users
The FBI’s apparent capability to unmask users of the Tor Network has caused hand-wringing among those concerned with privacy and civil liberties, many of whom are busy trying to win legal battles to get law enforcement to confess as to how they’re doing it. A team of academics and researchers,...
Yik Yak Patches Privacy Flaw in iOS App
Yik Yak, an application that allows users to share purportedly anonymous status updates with others near them, has fixed a critical vulnerability in its iOS app that could have de-anonymized users and let attackers take total control of someone’s account. Yik Yak’s security team was apparently...
Researchers Demonstrate Zero-Day Vulnerabilities in Tails Operating System
The critical zero-day security flaws, discovered in the privacy and security dedicated Linux-based Tails operating system by the researcher at Exodus Intelligence that could help attackers or law enforcements to de-anonymize anyone’s identity, actually lie in the I2P software that’s bundled with...
Design/Logic Flaw
The blind-marking implementation in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote authenticated users to de-anonymize student identities by 1 using a screen reader or 2 reading the HTML source...
CVE-2014-0215
The blind-marking implementation in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote authenticated users to de-anonymize student identities by 1 using a screen reader or 2 reading the HTML source...
CVE-2014-0215
The blind-marking implementation in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote authenticated users to de-anonymize student identities by 1 using a screen reader or 2 reading the HTML source...
CVE-2014-0215
CVE-2014-0215 affects Moodle versions up to 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3. The vulnerability stems from the blind-marking implementation, allowing remote authenticated users to de-anonymize student identities by (1) using a screen reader or (2) reading th...
New Tor Release Fixes De-Anonymization Attack
The Tor Project has released a new version of its client software to fix a serious vulnerability that allows an attacker to strip users of their anonymity on the network. The new version also includes a number of other security and privacy fixes. The attack that enables the anonymity stripping...