YOUR PRIVACY PAL the Tor Project is going the extra mile to protect users from the spying eyes of the FBI.
Tor, as you might already know, is a solid privacy choice that the anti-privacy people would like to see eviscerated. The Russians want it, and so does the US, which has broken into Tor already, apparently legitimately, in the pursuit of the Silk Road marketplace.
Selfrando information at GitHub introduces the system and asks for input. Selfrando is positioned against rival systems like address space layout randomisation (ASLR).
"Software written in C and C++ is exposed to exploitation of memory corruption. Compilers and operating systems include various exploit mitigation mechanisms that prevent certain offensive techniques," said the document.
"Unfortunately, standard mitigations lag behind the offensive techniques used in exploits against browsers, servers and other frequently targeted software, and do not stop a well-resourced adversary.
"Selfrando can be used to harden your software beyond what is possible with current mitigations. Inspired by biodiversity in nature and existing randomising defences, Selfrando varies the attack surface, i.e. the code layout, by randomising each function separately.
"This makes exploit writing harder and increases resilience to information leakage relative to traditional ASLR techniques."
A post on Reddit said that Selfrando was recently adopted into the Tor setup. Tor sent us a press release to clear up what is happening.
"Researchers from Immunant Inc, University of California Irvine, Technische Universität Darmstadt (Germany), and the Tor Project have collaborated to integrate new software security research (PDF) into the hardened version of the Tor Browser," it said.
"Their defence, called selfrando, strengthens the Tor Browser against attempts to hack and de-anonymise Tor users."
The Tor people know that they and their users have a problem and that problem is other people. Those others want access to Tor and all that goes on there.
"Obviously the Tor Browser is an enticing target for hackers, including nation states, attempting to de-anonymise and track Tor users. In the hardened Tor Browser series, the Tor Project is testing new defences to proactively protect Tor users from attacks on their browser," the firm explained.
"Selfrando defends modern software against this class of exploits by randomising the internals of the software. Without knowing these randomised details, an attacker has a much harder time constructing a reliable (code-reuse) attack."
The researchers from Immunant, UC Irvine and Technische Universität Darmstadt have published a document about Selfrando entitled Securing the Tor Browser against De-anonymisation Exploits (PDF). µ
Cupertino could potentially be ready to reveal a driverless car system
Doubtful anyone will notice
Could your next colleague be a bot?
Remove the tech or face the courts, threaten privacy advocates