[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: critical security vulnaribility fixed in Tor 0.1.2.16



Did this end up biting TOR in the ass, or is this a Proactive move? I am
just curious as I mentioned this very problem (or something extremely
close to it) back in August last year (see:
http://archives.seul.org/or/talk/Aug-2006/msg00187.html  )

So I'm just wondering it if finally made it to the top of what I am sure
is a long To-do list that the DEV's have, or was it actually exploited.

I completely understand the need not to release further details until
people upgrade but I am looking forward (once things are safe) to
hearing how and by whom this was exploited if it was. 

In either case (exploited/not exploited), Kudos to the Dev's for fixing
it quickly and getting the word out. 

This has left me wondering one thing tho.. My tor was updated
auto-magically as I used a Debian based distro and have the official TOR
repository in my apt list. So my question is, is there, or could there
be some similar form of auto-updating for persons using the windows
version of TOR? If not maybe Vadalia could be made to check for TOR
updates and pop up notices to the users? ... just a thought. Sadly my
coding skills are decades out of date or I'd offer to help. 



Freemor <freemor@xxxxxxxx>
Freemor <freemor@xxxxxxxxxx>

This e-mail has been digitally signed with GnuPG

See: http://gnupg.org/ for more details


Attachment: signature.asc
Description: This is a digitally signed message part