• Updated to Firefox to 31.5.0esr with important security updates.
• Update OpenSSL to 1.0.1l
• Update NoScript to 2.6.9.15
• Update HTTPS-Everywhere to 4.0.3

The new release of the Tor Browser also fixes the following issues

• Bug 14203: Prevent meek from displaying an extra update notification
• Bug 14849: Remove new NoScript menu option to make permissions permanent
• Bug 14851: Set NoScript prefto disable permanent permissions

Tor is mostly used by activists, journalists and those individuals that need to circumvent online censorship operated by several governments. Unfortunately, the Tor network is often abused by cyber criminals too, recently I wrote a detailed analysis titled “Hunting malware in the Deep Web” that explains how criminal crews exploit the anonymizing network to hide the control infrastructure of their botnet.

The Tor network is also abused by other categories of criminals, it is considered a secure environment by pedophiles and criminals that want to buy and sell any kind of illegal product in the various black markets available in the network. Last year the anonymizing network was targeted by several attacks with the intent to de-anonymize its users. Other significant events occurred in the 2014 are the Operation Onymous, a joint action of Law enforcement and judicial agencies against dark markets on Tor networks, and adding of 12 high-capacity Tor Middle relays by the Polaris, an initiative by Mozilla, the Tor Project and the Center of Democracy and Technology, that helps to overwhelm limitation of finite number of Tor connections occurring at the same time.

Don’t wast time …. download the new Tor Browser Bundle.

Pierluigi Paganini

(Security Affairs –  Tor  Browser, Anonymity)