The browser provides users with a secure and anonymous way of browsing the internet, but the browser has recently been updated to Version 4, adding new features and security measures to make it even better for spying-conscious netizens.
One of the biggest new features is that it now disables SSL3 connections after the outing of the POODLE bug. Padding Oracle on Downloaded Legacy Encryption, or POODLE to you and me, makes it possible for hackers to spy on your internet browser stemming from an 18-year-old encryption standard. That standard, SSL v3, is still being used by browsers like Internet Explorer 6.
“A bug has been found in the Secure Sockets Layer (SSL) 3.0 cryptography protocol (SSLv3) which could be exploited to intercept data that’s supposed to be encrypted between computers and servers. Three Google security researchers discovered the flaw and detailed how it could be exploited through what they called a Padding Oracle On Downgraded Legacy Encryption (POODLE) attack,” security firm Symantec explained.
The browser update has also made it more accessible for people in internet-censored countries like China to bypass geo-locking in order to gain full access to the internet. The censoring of internet access in China is known as the Great Firewall of China.
“More importantly for censored users who were using 3.6, the 4.0 series also features the addition of three versions of the meek pluggable transport. In fact, we believe that both meek-amazon and meek-azure will work in China today, without the need to obtain bridge addresses,” Tor added in the release notes.
[Source – BoingBoing, Image – Tor]