A bridge is a Tor server, generally with a secret IP address so it's harder to block, that just forwards traffic onto the Tor network for people. This update greatly improves our support for bridges, which let people quickly and easily circumvent this sort of censorship. Because OnionShare relies on Tor, this means that Russia is preventing people from using OnionShare as well. For example, in December, several Russian ISPs started blocking Tor as well as censoring access to. It's becoming alarmingly more common to see hostile governments pressure internet providers to block access to the Tor network. The consequences of sensitive configuration changes.Ĭheck out the full penetration test report, which I summarize at the end of this post. Sane default configurations were chosen and inexperienced users are warned about Our general impression is that the Onionshare project has no major security vulnerabilities and can be used within the User-controlled input is minimal and in most cases sanitized or validated. Additionally, the usage of stable third party libraries for file and network handling, as well as the separation of logic and user interface exposed only a minimal attack surface. This is most likely due to the choice of offloading the client interaction and authentication fully on the Tor-browser and relying on the security assumptions of a recent and well maintained browser. The penetration test goals were the de-anonymization of users and code execution on any of the involved parties, which was not found possible in the time allocated for the engagement. All vulnerabilities have been fixed in version 2.5. This work was funded by Open Technology Fund's Red Team Lab.įortunately, ROS didn't find any issues with a threat level of critical or high, but they found 2 that were elevated, 3 that were moderate, and 4 that were low. Late last year, the OnionShare project was lucky enough to be get a comprehensive security audit from the non-profit penetration testing group Radically Open Security. The OnionShare team has just released OnionShare 2.5! This version fixes security vulnerabilities uncovered in our first comprehensive security audit, and also includes improved censorship circumvention features. OnionShare 2.5 fixes security issues and adds censorship circumvention features
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |