Firefox Zero-Day Can Be Used To Unmask Tor Browser Users

An anonymous reader quotes a report from Computerworld: A Firefox zero-day being used in the wild to target Tor users is using code that is nearly identical to what the FBI used in 2013 to unmask Tor users. A Tor browser user notified the Tor mailing list of the newly discovered exploit, posting the exploit code to the mailing list via a Sigaint darknet email address. A short time later, Roger Dingledine, co-founder of the Tor Project Team, confirmed that the Firefox team had been notified, had “found the bug” and were “working on a patch.” On Monday, Mozilla released a security update to close off a different critical vulnerability in Firefox. Dan Guido, CEO of Trail of Bits, noted on Twitter that “it’s a garden variety use-after-free, not a heap overflow” and it’s “not an advanced exploit.” He added that the vulnerability is also present on the Mac OS, “but the exploit does not include support for targeting any operating system but Windows.” Security researcher Joshua Yabut told Ars Technica that the exploit code is “100% effective for remote code execution on Windows systems.” “The shellcode used is almost exactly the shellcode of the 2013 one,” tweeted a security researcher going by TheWack0lian. He added, “When I first noticed the old shellcode was so similar, I had to double-check the dates to make sure I wasn’t looking at a 3-year-old post.” He’s referring to the 2013 payload used by the FBI to deanonymize Tor users visiting a child porn site. The attack allowed the FBI to tag Tor browser users who believed they were anonymous while visiting a “hidden” child porn site on Freedom Hosting; the exploit code forced the browser to send information such as MAC address, hostname and IP address to a third-party server with a public IP address; the feds could use that data to obtain users’ identities via their ISPs.

Source: Slashdot – Firefox Zero-Day Can Be Used To Unmask Tor Browser Users

FDA’s OK on trial opens possibility of prescription ecstasy in five years

The Food and Drug Administration on Tuesday approved the first large-scale, phase 3 clinical trial of ecstasy in patients suffering from post-traumatic stress disorder (PTSD), the New York Times reported.

The regulatory green-light follows six smaller-scale trials that showed remarkable success using the drug. In fact, some of the 130 PTSD patients involved in those trials say ecstasy—or 3,4-Methylenedioxymethamphetamine (MDMA)—saved them from the devastating impacts of PTSD after more than a decade of seeing no improvement with the other treatment options available.

Currently, the best of those established treatment options can only improve symptoms in 60 to 70 percent of PTSD patients, one expert noted. However, after one of the early MDMA studies, the drug had completely erased all traces of symptoms in two-thirds of PTSD patients.

Source: Ars Technica – FDA’s OK on trial opens possibility of prescription ecstasy in five years

Marinate Tough Greens in Oil (and Use It for Dressing) for Tastier Salads

Tough greens, like kale and collard greens, can take some work to make them suitable for salad but if you marinate them in oil for a bit first, you’ll tenderize them, make your salad even tastier, and start a light dressing all at the same time.

Source: LifeHacker – Marinate Tough Greens in Oil (and Use It for Dressing) for Tastier Salads

Showtime Is Now Selling Official Twin Peaks Merchandise, Including David Lynch Artwork

There’s been no shortage of ways for Twin Peaks faithful to showcase their fandom over the years—a quick Etsy search will yield literally thousands of items inspired by the show. But with the show’s 2017 return to the airwaves, Showtime has opened its own Twin Peaks storefront, with some exclusive wares.

Source: io9 – Showtime Is Now Selling Official Twin Peaks Merchandise, Including David Lynch Artwork

The Sheer Terror Of Introducing A Friend To Your Favorite Game

A few days ago, I was hanging out at some friends’ house. One of them, Ian, decided to buy a new PS4 game. “Get The Witcher 3!” I yapped, briefly outdoing his tiny dog, who looked on with a mix of curiosity and some other dog emotion. “Get it, get it, get it!” It was only then that I realized I’d made a grave mistake.

Source: Kotaku – The Sheer Terror Of Introducing A Friend To Your Favorite Game

Trump Appoints Third Net Neutrality Critic To FCC Advisory Team

Last week, President-elect Donald Trump appointed two new advisers to his transition team that will oversee his FCC and telecommunications policy agenda. Trump has added a third adviser today who, like the other two advisers, is a staunch opponent of net neutrality regulations. DSLReports adds: The incoming President chose Roslyn Layton, a visiting fellow at the broadband-industry-funded American Enterprise Institute, to help select the new FCC boss and guide the Trump administration on telecom policy. Layton joins Jeffrey Eisenach, a former Verizon consultant and vocal net neutrality critic, and Mark Jamison, a former Sprint lobbyist that has also fought tooth and nail against net neutrality; recently going so far as to argue he doesn’t think telecom monopolies exist. Like Eisenach and Jamison, Layton has made a career out of fighting relentlessly against most of the FCC’s more consumer-focused efforts, including net neutrality, consumer privacy rules, and increased competition in the residential broadband space. Back in October, Layton posted an article to the AEI blog proclaiming that the FCC’s new privacy rules, which give consumers greater control over how their data is collected and sold, were somehow part of a “partisan endgame of corporate favoritism” that weren’t necessary and only confused customers. Layton also has made it abundantly clear she supports zero rating, the practice of letting ISPs give their own (or high paying partners’) content cap-exemption and therefore a competitive advantage in the market. She has similarly, again like Eisenach and Jamison, supported rolling back the FCC’s classification of ISPs as common carriers under Title II, which would kill the existing net neutrality rules and greatly weaken the FCC’s ability to protect consumers.

Source: Slashdot – Trump Appoints Third Net Neutrality Critic To FCC Advisory Team

Remains of the Day: Uber Wants to Track Your Location Even When You're Not Using It

Uber recently started asking permission to collect your location data even when you aren’t using the app, and some people are understandably concerned. Uber says that they won’t literally track you everywhere you go; they just need a little more data about your pick-up and drop-off.

Source: LifeHacker – Remains of the Day: Uber Wants to Track Your Location Even When You’re Not Using It

Construction Finally Begins on Chinese Titanic Replica That Simulates the Disaster

A few years ago, plans were announced for a life-size replica of the Titanic, the luxury ship whose sinking inspired a very expensive movie and some great blogs. On Wednesday, construction of the large fake boat finally began.

Source: Gizmodo – Construction Finally Begins on Chinese Titanic Replica That Simulates the Disaster

CORSAIR Celebrates 10 Years Of PSUs Limited RM1000i Special Edition

CORSAIR®, a world leader in enthusiast memory, high-performance gaming hardware and PC components, today reached two new milestones, celebrating ten years since first entering the PSU market and the sale of the ten millionth CORSAIR PSU. Over the past decade, CORSAIR has revolutionized the enthusiast PSU industry with an unrelenting commitment to product quality and innovation that has seen the PSU evolve from an after-thought into the high-quality heart of a modern PC. CORSAIR has championed a range of key features to push PC power supplies to new levels of performance, functionality and customization. Modular PSUs have made building PCs easier, Zero RPM fan mode allows the PSU’s fan to switch off entirely under low loads and with digitally controlled power and CORSAIR LINK PSU monitoring, users can find out exactly how their PSU is performing in an instant.


To commemorate this achievement, CORSAIR is proud to announce the extremely limited CORSAIR RM1000i Special Edition. Individually numbered, finished in striking arctic white and equipped with both a white LED-lit cooling fan and new individually sleeved white cables, only 100 of these PSUs will be built, giving enthusiasts a chance to own a unique piece of CORSAIR history.

Just a reminder that we are giving one of these extremely limited CORSAIR RM1000i Special Edition PSUs away right HERE.

Source: [H]ardOCP – CORSAIR Celebrates 10 Years Of PSUs Limited RM1000i Special Edition

Reddit To Crack Down On Abuse By Punishing Hundreds of 'Toxic Users'

An anonymous reader quotes a report from Reuters: Social media website Reddit, known for its commitment to free speech, will crack down on online harassment by banning or suspending users who target others, starting with those who have directed abuse at Chief Executive Steve Huffman. Huffman said in an interview with Reuters that Reddit’s content policy prohibits harassment, but that it had not been adequately enforced. “Personal message harassment is the most cut and dry,” he said. “Right now we are in an interesting position where my inbox is full of them, it’s easy to start with me.” As well as combing through Huffman’s inbox, Reddit will monitor user reports, add greater filtering capacity, and take a more proactive role in policing its platform rather than relying on community moderators. Reddit said it had identified hundreds of the “most toxic users” and will warn, ban or suspend them. It also plans to increase staff on its “trust and safety” team. On Reddit, a channel supporting the U.S. Republican party’s presidential candidate Donald Trump, called r/The_Donald, featured racist and misogynistic comments, fake news and conspiracy theories about his Democratic challenger Hillary Clinton, along with more mainstream expressions of support for Trump. Many of those supporting Trump were very active, voting up the r/The_Donald conversations so that they became prominent across Reddit, which is the 7th-most-visited U.S. internet site, according to web data firm Alexa. Last week, Reddit banned Pizzagate, a community devoted to a conspiracy theory, with no evidence to back it up, that links Clinton to a pedophile ring at a Washington, D.C. pizza parlor, after it posted personal information in violation of Reddit policy. Huffman then used his administrative privileges to redirect abuse he was receiving on a thread on r/The_Donald to the community’s moderators — making it look as if it was intended for them. 
Huffman said it was a prank, and that many Reddit users, including some Trump supporters, told him they thought it was funny, but it inflamed the situation.

Source: Slashdot – Reddit To Crack Down On Abuse By Punishing Hundreds of ‘Toxic Users’

When The Vandals Took North Africa, They Had Their Way With The Roman Empire 

North Africa was one of the heartlands of the Roman Empire. It produced most of the grain that fed Rome, the olive oil that burned in lamps from Sicily to Spain, the pottery that sat on every dinner table from Britain to Greece, and the tax revenue that kept the Roman government flush.

Source: Gizmodo – When The Vandals Took North Africa, They Had Their Way With The Roman Empire