![]() They will then be able to correlate the Brave timestamps, and the server logs and determine that the raided user was indeed the one accessing the website. onion site secretly run by the government, who will then raid the suspected user and compare Brave log files with server logs. For more information see Ī classic example would be when a journalist in an authoritarian country accesses a whistleblower v2. Please encourage the site operator to upgrade. These addresses are deprecated for security reasons, and are no longer supported in Tor. Jul 01 08:40:51.000 Warning! You've just connected to a v2 onion address. Jul 01 08:40:50.000 Warning! You've just connected to a v2 onion address. This data can then be compared with server connection logs obtained from a compromised Tor endpoint, or the attacker may have been the party controlling the server (i.e., honeypot).Ī log file would contain something like this: This can help the attacker establish when the user is connected to a new v2. This is obtained by reading the ~/.config/BraveSoftware/Brave-Browser/tor/data/tor.log file, where Brave saves this data. The discovered vulnerability can allow an attacker who obtains physical access to a device to view the exact timestamps that someone connected to a v2 onion address. The case was filed under CVE-2021-22929 and has been addressed and patched by Brave on August 16 2021. Cybersecurity researcher Sick.Codes has discovered a major vulnerability on Brave browser 1.27 and below where the browser permanently logs the server connection time for all v2 tor domains to ~/.config/BraveSoftware/Brave-Browser/tor/data/tor.log.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |