Tor Browser Now Attempts to Bypass Internet Censorship Automatically

The updates in Tor Browser 11.5 focus on circumventing censorship, a process that started a year ago in version 10.5 with improving the Tor connection experience. In the new version, users no longer have to manually try out bridge configurations to unblock Tor.

Another important new feature in version 11.5 is making ‘HTTPS-Only Mode’ the default browsing mode, so that the connection is through a secure tunnel. This ensures that all data exchange between the user and the server hosting the website will be encrypted to defend against Man-in-the-Middle (MitM) attacks and to protect users from SSL stripping on malicious exit relays. The Tor team assures users that SecureDrop will continue to work as intended despite the deprecation and replacement of the HTTPS-Everywhere extension that served as an onion name interpreter. The only exception to replacing HTTPS-Everywhere with the new HTTPS-Only Mode is Android, which has generally fallen behind. Tor’s development team admitted this and promised to do more about Android, releasing updates more frequently, fixing the many bugs that have accumulated, and catching up with the Fenix (Firefox for Android) releases.

The third significant improvement in Tor Browser 11.5 is a heavily revamped Network Settings menu, now called “Connection Settings,” which should make it easier to find and understand specific settings. Most notably, bridge configuration and connection options have been redesigned to enable quick and easy review and management. Using emojis on the saved Bridges, the new interface offers visualization for the configuration for the first time, making it easy to identify the right bridge and select it when needed.

Analyst Notes

Further improvements to the Tor network benefit not only users living in censorship-heavy countries, but anyone who wishes to have a more private web browsing experience. The Tor network becomes more private and secure the more that people use it. Besides the privacy advantages offered by Tor, there are also downsides – it usually loads content slowly, and many websites block users of Tor from accessing their content at all due to frequent abuses that come from Tor exit nodes. Many corporate networks block connections to Tor entry nodes for good reason – threat actors have used Tor as a way to disguise the traffic from malware to their Command and Control (C2) servers. It’s a good idea for employees to ask their security teams first before using Tor on a corporate device.