Motion Filed Asking FBI To Disclose Tor Browser Zero Day May 12, 2016 , 8:56 am

Mozilla on Wednesday filed a motion with the U.S. District Court in Tacoma, Wa., asking the government to disclose a vulnerability it exploited in the Tor Browser and Firefox. The FBI used the zero-day to hack a child pornography site and de-anonymize users visiting the site using the Tor Browser. Mozilla’s motion asks that the government disclose the vulnerability at least 14 days before it fulfills a previous motion granted to the defendant Jay Michaud requiring the FBI to hand over details on the exploit to the defense team under a protective order. “Court ordered disclosure of vulnerabilities should follow the best practice of advance disclosure that is standard in the security research community,” wrote Mozilla chief legal and business officer Denelle Dixon-Thayer. “In this instance, the judge should require the government to disclose the vulnerability to the affected technology companies first, so it can be patched quickly.” The Tor Browser is partially built on open source Firefox code, but also includes proxy code that encrypts and anonymizes users’ sessions as they move about the Internet. Mozilla argues that the FBI had previously exploited the Tor Browser and that it did so in this case, despite a refusal from the government to acknowledge that it targeted Tor/Firefox code. “Absent great care, the security of millions of individuals using Mozilla’s Firefox Internet browser could be put at risk by a premature disclosure of this vulnerability,” Mozilla said in its motion. “This risk could impact other products as well. Firefox is released under an open source license. This means that as Firefox source code is continuously developed, it is

publicly available for developers to view, modify, share, and reuse to make other products like the Tor Browser.” Michaud, a 62-year-old teacher, was arrested last July in Seattle and was charged with possession of child pornography he allegedly downloaded from a dark web site called Playpen. The Washington Post reported that FBI seized the site’s servers and in February 2015 launched the exploit on the site leading to charges against 137 people. On Feb. 17, 2016, Michaud’s defense team was granted a motion compelling the government to produce evidence related to the Network Investigative Technique (NIT) it deployed. “At this point, no one (including us) outside the government knows what vulnerability was exploited and whether it resides in any of our code base,” Dixon-Thayer said. “The judge in this case ordered the government to disclose the vulnerability to the defense team but not to any of the entities that could actually fix the vulnerability. We don’t believe that this makes sense because it doesn’t allow the vulnerability to be fixed before it is more widely disclosed.” This case thrusts the government stockpiling and use of zero day exploits back into the spotlight, scant weeks after it is thought to have purchased an exploit from a third party to hack into an iPhone belonging to one of the San Bernardino terrorists. The FBI has not shared details of how it cracked the phone with Apple, and if it did indeed purchase an exploit for a previously unpatched vulnerability, that flaw remains exposed to others. Last September, the government did hand over a redacted version of its Vulnerabilities Equities Process, a document describing its policy on vulnerability use and disclosure. The version of the document has many large sections that are redacted, including the specific steps that agencies go through when evaluating whether to release information about a newly discovered vulnerability. “Vulnerabilities can weaken security and ultimately harm users. We want people who identify security vulnerabilities in our products to disclose

them to us so we can fix them as soon as possible,” Dixon-Thayer said. “We aren’t taking sides in the case, but we are on the side of the hundreds of millions of users who could benefit from timely disclosure.”

Motion Filed Asking FBI To Disclose Tor Browser Zero Day.pdf ...

Motion Filed Asking FBI To Disclose Tor Browser Zero Day.pdf. Motion Filed Asking FBI To Disclose Tor Browser Zero Day.pdf. Open. Extract. Open with. Sign In.

281KB Sizes 1 Downloads 206 Views

Recommend Documents

Tor Project Tor Browser Bundle - NCC Group
May 30, 2014 - Use of iSEC Partners services does not guarantee the security of a system, or that computer .... 1https://trac.torproject.org/projects/tor/ticket/9387 .... Networking ..... Exploiting_the_%20jemalloc_Memory_%20Allocator_WP.pdf.

Brooklands Finest Motion for Reconsideration filed Nov 4 2013.pdf ...
Brooklands Finest Motion for Reconsideration filed Nov 4 2013.pdf. Brooklands Finest Motion for Reconsideration filed Nov 4 2013.pdf. Open. Extract. Open with.

not final until time expires to file rehearing motion and, if filed ...
Jun 23, 2004 - Mrs. Hastings [should be required to] sign a release authorizing this coordinator to have full access to the results of her psychological testing ...

not final until time expires to file rehearing motion and, if filed ...
Jun 23, 2004 - Mrs. Hastings [should be required to] sign a release authorizing this coordinator to have full access to the results of her psychological testing ...

Authorization to Disclose Protected Health Information MMH ...
Authorization to Disclose Protected Health Information MMH - English V10.pdf. Authorization to Disclose Protected Health Information MMH - English V10.pdf.

android browser print to pdf
There was a problem previewing this document. Retrying... Download. Connect more apps... Try one of the apps below to open or edit this item. android browser ...

Authorization to Disclose Protected Health Information MMH
Authorization to Disclose Protected Health Information MMH - English V10.pdf. Authorization to Disclose Protected Health Information MMH - English V10.pdf.

From Zero to OpenStack
Aug 20, 2011 - http://glance.openstack.org · http://nova.openstack.org · http://swift.openstack.org · http://tinyurl.com/openstack-releases · http://tinyurl.com/openstack-admin-cactus · https://github.com/dellcloudedge/crowbar · http://www.opscode.co

Consent Form to Disclose Utility Customer Data.pdf
There was a problem loading this page. Retrying... Consent Form to Disclose Utility Customer Data.pdf. Consent Form to Disclose Utility Customer Data.pdf.

733 Filed - Sign in
The name of the company is "Glenealy School Parent Teacher Association Limited" (the ..... any regulations and rules made under or pursuant thereto. “Financial ...

Tor-Bada-Stallbergsbacken.pdf
Retrying... Download. Connect more apps... Try one of the apps below to open or edit this item. Tor-Bada-Stallbergsbacken.pdf. Tor-Bada-Stallbergsbacken.pdf.

TOR - Project Coordinator.pdf
Page 3 of 4. TOR - Project Coordinator.pdf. TOR - Project Coordinator.pdf. Open. Extract. Open with. Sign In. Main menu. Displaying TOR - Project Coordinator.pdf.

Filed Complaint.pdf
U.S.C. §1973 (Section 2 of the Voting Rights Act of 1965, as amended) and 42. Case 4:11-cv-02907 Document 1 Filed in TXSD on 08/05/11 Page 2 of 15.

Disclose Loan Defaults - Taxscan.pdf
Whoops! There was a problem loading this page. Whoops! There was a problem loading this page. Main menu. Displaying Disclose Loan Defaults - Taxscan.pdf ...

Authorization to Disclose Protected Health Information MMH - English ...
Whoops! There was a problem previewing this document. Retrying... Download. Connect more apps... Try one of the apps below to open or edit this item. Authorization to Disclose Protected Health Information MMH - English V10.pdf. Authorization to Discl

mechanical-blog-sharp-witted-conduct-to-disclose-money-fastest ...
Make Money Fast: Catalog Of 19 Websites For Extra Money . .... -sharp-witted-conduct-to-disclose-money-fastest-ways-to-convey-percentage-1499492611943.pdf.

mechanical-blog-sharp-witted-conduct-to-disclose-money-fastest ...
... the apps below to open or edit this item. mechanical-blog-sharp-witted-conduct-to-disclose-mo ... fastest-ways-to-convey-percentage-1499492611943.pdf.

Zero zero zero war
The wild thornberrys ..The man named. Zero zero zero war - Download.Zero zero zero ... The prophet pdf.Big boss 9 Day 58. Aaron tippin tool box.733102750.

Transferring your ID from Onename to the Blockstack Browser
https://blockstack.org/install. Page 3. 2. Go through Blockstack on-boarding process. Once you open Blockstack, you will be: a. Asked to pick a new password to ...

TOR AICHR.pdf
Page 1 of 11. Page 1 of 11. Terms of Reference. of. ASEAN Intergovernmental Commission on Human Rights. Pursuant to Article 14 of the ASEAN Charter, the ASEAN. Intergovernmental Commission on Human Rights (AICHR) shall. operate in accordance with the