[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Insecure Privoxy Configuration in Vidalia Bundles Prior to 0.1.2.18

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Insecure Privoxy Configuration in Vidalia Bundles Prior to 0.1.2.18
From: Robert Hogan <robert@xxxxxxxxxxxxxxx>
Date: Wed, 31 Oct 2007 20:44:28 +0000
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Wed, 31 Oct 2007 16:44:53 -0400
In-reply-to: <67C531E4-2538-4403-BC4E-0A975ED80CFB@xxxxxxxxx>
References: <67C531E4-2538-4403-BC4E-0A975ED80CFB@xxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: KMail/1.9.7

On Wednesday 31 October 2007 15:34:18 Gregory Fleischer (Lists) wrote:
> Versions of the Vidalia bundle prior to 0.1.2.18 install Privoxy with
> an insecure configuration file.  Both Windows and Mac OS X versions
> are affected.  The installed 'config.txt' file ('config' on Mac OS X)
> had the following option values set to 1:
>
>    - enable-remote-toggle
>    - enable-edit-actions
>
<snip>
>
> In order to allow time for people to upgrade, additional attack
> details and sample code will be withheld for a couple of days.

TorK is affected by this too. There should be a 0.22 available before Friday.

Attachment: signature.asc
Description: This is a digitally signed message part.

References:
- Insecure Privoxy Configuration in Vidalia Bundles Prior to 0.1.2.18
  - From: Gregory Fleischer (Lists)

Prev by Author: Re: Setting up a private tor network
Next by Author: Re: Servers and the "Named" flag (was Re: time needed to register a serve)
Previous by thread: Re: Insecure Privoxy Configuration in Vidalia Bundles Prior to 0.1.2.18
Next by thread: no traffic?
Index(es):
- Author
- Thread