The Tor Project has issued a critical security advisory telling users of the onion router network to stop using Windows and switch to "live" systems if they want to remain anonymous online. The warning comes on the heels of a recently discovered attack that exploited a vulnerability on the Windows build of Firefox 17 ESR (Extended Support Release), a version of the browser customized to view websites using TOR.
Interestingly, after reverse engineering the code, researcher Vlad Tsyrklevich found that the identifying information was being sent to a server in Washington D.C., leading him to conclude that the FBI or another law enforcement agency is behind the attack. And while the malware may have played an important role taking down one of the largest child porn rings on the planet, it’s also capable of identifying other people using Tor.
The latter is particularly prevalent among journalists as well as civil and human rights activists working in politically unstable regions of the world, though there are many other legitimate uses for it too.