[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Question about the vulnerability
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Question about the vulnerability
- From: coderman <coderman@xxxxxxxxx>
- Date: Sat, 11 Aug 2007 20:37:06 -0700
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Sat, 11 Aug 2007 23:37:16 -0400
- Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=kY1fSJFjFmiXdTZHn0I4JoZrKuhvt0GlgCsdMtA1mC/xw6bjFtDlAIgvjokAatIdZW3W8/o6E8QAUAA8ACnZnSq7mZBCjuFbzKRFNycV9fY23Zie4k5XiMShPTnARiBwbyNVGdC4ihqmz5qYDYKhPjAmBQPfPPW9ia5rhohv6UM=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=Ly46ne/I+dSE+WIhcrc+/fxGFmwmcVqwpQ1x3/TfTwVM3eWRsIz2SZ6KTssnMRCx2uDxisy0I+AOtfKxK/RNcqKkXFWnIsL54dtSljIEYPf3Gq6P++OEfyMQeXgdQwIGkwPzystGY1/rzrMm2w8H32B+717YL1jMK+j875Ji7J4=
- In-reply-to: <N1N-Pr72RDXJFB@xxxxxxxxxxxxx>
- References: <N1N-Pr72RDXJFB@xxxxxxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
On 8/11/07, force44@xxxxxxxxxxxxx <force44@xxxxxxxxxxxxx> wrote:
> ...
> I am already using the last releases for both Tor (0.2.0.4-alpha) and
> Vidalia (0.0.13).
great; you're now protected against this type of attack. (but may have
some risk for other types...)
> So WHY am I still getting this warning in the Vidalia log? :(
>
> ("Aug 10 11:41:05.468 [Warning] ControlPort is open, but no
> authentication method has been configured. This means that any program
> on your computer can reconfigure your Tor. That's bad! You should
> upgrade your Tor controller as soon as possible.")
ideally you would have some kind of authentication associated with the
control port. note that the way Tor behaves even without
authentication configured will protect you if you are using a recent
version like 0.2.0.4-alpha.
if you want to configure authentication you can do so, however, this
may break vidalia (?). either the HashedControlPassword or
CookieAuthentication method can be used.
if you use "CookieAuthentication 1" in the config, a
control_auth_cookie file will be created in your DataDirectory. the
contents of this file is needed for authentication.
you can create a hashed control password via "tor --hash-password
password" and set the resulting digest in the HashedControlPassword
setting.
best regards,