This data can then be compared with server connection logs obtained from a compromised Tor endpoint, or the attacker may have been the party controlling the server (i.e., honeypot).Ī log file would contain something like this: This can help the attacker establish when the user is connected to a new v2. This is obtained by reading the ~/.config/BraveSoftware/Brave-Browser/tor/data/tor.log file, where Brave saves this data. The discovered vulnerability can allow an attacker who obtains physical access to a device to view the exact timestamps that someone connected to a v2 onion address. The case was filed under CVE-2021-22929 and has been addressed and patched by Brave on August 16 2021. Totally deserves a P3 label considering we're passed 1.0 now and this was sort of promised in 0.18.Cybersecurity researcher Sick.Codes has discovered a major vulnerability on Brave browser 1.27 and below where the browser permanently logs the server connection time for all v2 tor domains to ~/.config/BraveSoftware/Brave-Browser/tor/data/tor.log. Most capture solutions allow either full, visible screen and a cropper feature, it would be really good if Brave enhanced the end solution to be even more efficient without a multitude of buttons by mitigating repetitive tasks for the user by remembering the structure of last screen capture of a certain page (site) taken, so when the button is pressed next, you don't have to make adjustments again and again. Something that is well integrated within the browser like Mozilla's and doesn't unnecessarily consume memory in the background would be most ideal, in addition, it would be really good if repetitive tasks were somehow made easy. It's just fantastic, so fast, light and without a doubt the most efficient screen/webpage screen-capture ever. I second request of it to function exactly like in Mozilla. Though I have to admit they've helped me quite a lot these past couple of years, however in Brave these type of extensions and similar extensions are very slow and throwing up bugs. +1 Using third-party extensions are terribly inefficient and have more steps than one would wish for.
0 kommentar(er)
