Found this on Motherboard https://motherboard.vice.com/read/tor-is-teaming-up-with-researchers-to-protect-users-from-fbi-hacking
> Tor Is Teaming Up With Researchers To Protect Users From FBI Hacking > Written by > Joshua Kopstein > Contributor > > June 19, 2016 // 03:28 PM EST > > The FBI has had a fair amount of success de-anonymizing Tor users > over the past few years. Despite the encryption software's > well-earned reputation as one of the best tools for online privacy, > recent court cases have shown that government malware has compromised > Tor users by exploiting bugs in the underlying Firefox browser—one of > which was controversially provided to the FBI in 2015 by academic > researchers at Carnegie Mellon University. > > But according to a new paper, security researchers are now working > closely with the Tor Project to create a "hardened" version of the > Tor Browser, implementing new anti-hacking techniques which could > dramatically improve the anonymity of users and further frustrate the > efforts of law enforcement. > > Specifically, the researchers are currently testing "Selfrando," a > technique made to protect against browser exploits such as the one > reportedly used by the FBI. > > The new method is meant to counteract what's known as "code reuse" > exploits, where rather than attempting the much harder task of > injecting new malicious code, an attacker will exploit a memory leak > to reuse code libraries that already exist in the > browser—essentially, building malware by rearranging things inside > the application's memory. > > To do that, an attacker generally needs to have an idea of where > certain functions are located within the application's memory space. > But the current security mechanisms in browsers only randomize the > locations of code libraries, not the individual functions. Which is > where the Selfrando technique comes in, creating a random address > space for internal code that's much harder to exploit. > > "Our solution significantly improves security over standard address > space layout randomization (ASLR) techniques currently used by > Firefox and other mainstream browsers," the researchers write in > their paper, whose findings will be presented in July at the Privacy > Enhancing Technologies Symposium in Darmstadt, Germany. > > "The Tor Project decided to include our solution in the hardened > releases of the Tor Browser, which is currently undergoing field > testing." > > Basically what that means is it's about to get harder to hack the Tor > Browser, including for law enforcement agencies like the FBI, who > complain they already don't have enough resources to develop the > malware necessary to catch terrorists and other serious criminals. > > And while that defensive advantage may not last for too long, it > shows that some in the academic research community are still intent > on patching the holes that their peers are helping government hackers > exploit. > > Topics: security, anonymity, Tor Browser, hacking, privacy, > Selfrando, FBI, law enforcement, power, encryption, machines -- kat -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk