New releases of Tor Browser 4.0 and Tails 1.2 to preserve your privacy

New significant software updates Tor Browser 4.0 and Tails 1.2 are available for the popular Privacy Tools used to preserve online anonymity

The Tor project has released a new version of the popular free software for enabling online anonymity Tor, Tor Browser 4.0 is the release Tor Browser Bundle available for download.

The Tor Browser Bundle is based on an  Extended Support Release (ESR) version of the Mozilla Firefox project, in the new Tor version 4.0 the Firefox version has been updated from 24 ESR  to 31 ESR version which include several security fixes, including seven critical vulnerabilities.

The fix is also necessary to mitigate the recently disclosed POODLE attack on SSL which allows bad actors to decrypt traffic over secure channels, the experts at Tor project have disabled SSLv3 in the Tor Browser 4.0 release as explained in the official post:

 “This release features important security updates to Firefox. Additionally, due to the POODLE attack, we have also disabled SSLv3 in this release.”

The measure is necessary for an anonymizing tool like Tor to avoid that an attacker can spy on user’s internet activity, even if carried out over SSL which is still supported by the majority of Internet users.

“This vulnerability allows the plaintext of secure connections to be calculated by a network attacker,” said the researcher Bodo Möller at Google. “If a client and server both support a version of TLS, the security level offered by SSL 3.0 is still relevant since many clients implement a protocol downgrade dance to work around serve ­side interoperability bugs.”

Another important update is related to the mechanisms implemented to circumvent censorship, as explained in the release not the new version features the addition of three versions of the meek pluggable transport. A meek is a pluggable transport that uses HTTP for carrying bytes and TLS for obfuscation, technically the traffic is routed through a third-party server to circumvent censorship.

“More importantly for censored users who were using 3.6, the 4.0 series also features the addition of three versions of the meek pluggable transport. In fact, we believe that both meek-amazon and meek-azure will work in China today, without the need to obtain bridge addresses. Note though that we still need to improve meek’s performance to match other transports, though. so adjust your expectations accordingly.” states the release note.

The new Tor Browser 4.0 also includes an in-browser updater and as announced by the developers of the project very soon the bundle will support both strong HTTPS site-specific certificate pinning (ticket #11955) and update package signatures (ticket #13379).

“This release also features an in-browser updater, and a completely reorganized bundle directory structure to make this updater possible. This means that simply extracting a 4.0 Tor Browser over a 3.6.6 Tor Browser will not work,” reads the blog post. “Please also be aware that the security of the updater depends on the specific CA that issued the HTTPS certificate (Digicert), and so it still must be activated manually through the Help (“?”) “about browser” menu option.”

don’t wast time Download Tor Browser 4.0.

Tor Browser 4.0 isn’t the unique privacy tool updated during this period, a new version of live anonymizing distribution TAILS (VERSION 1.2) has been released. Tails, also known as “Amnesiac Incognito Live System”, is a free Debian-based Linux distribution, specially tuned and optimized to preserve users’ anonymity and privacy.

Also in this case it is crucial to upgrade your privacy tool.

Pierluigi Paganini

(Security Affairs – Tor Browser 4.0, TAILS 1.2)

Pierluigi Paganini: Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

This website uses cookies.