[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Tor Weekly News â December 31st, 2014



========================================================================
Tor Weekly News                                      December 31st, 2014
========================================================================

Welcome to the final issue in 2014 of Tor Weekly News, the weekly
newsletter that covers whatâs happening in the Tor community.

Attacks and rumors of attacks
-----------------------------

Two weeks ago, the Tor Project relayed a warning [1] from an unspecified
source to the effect that someone may have been preparing to seize,
attack, or otherwise disable one or more of Torâs directory
authorities [2] in a bid to disrupt the entire Tor network. The lack of
any specific information about the threat caused understandable concern
in the Tor community, and several events that followed over the next
fortnight did little to dispel this.

First, the operator of a large Tor exit relay cluster reported [3] that
his servers may have been physically interfered with by unknown parties
a short while before his message. Later updates [4] suggested that foul
play was less likely than initially thought.

Several days later, a large number of small exit relays were created all
at once, in what appeared to be a âSybil attackâ [5]; this was
detected [6] and halted almost immediately, as was a second, more recent
incident [7]. As the Tor Project put it in a response [8], âwe donât
expect any anonymity or performance effects based on what we've seen so
farâ, although a side-effect of the countermeasure is that relays hosted
on some IP ranges are currently being rejected [9] by dirauths.

As far as anyone can tell, these events are not related in any way to
the initial warning. The Tor network has functioned normally throughout
this period, and the appearance of a series of incidents is likely to be
the result of coincidence (helped by the online rumor mill) rather than
a coordinated campaign. It is never possible to say with certainty that
attacks on the network will not occur, but the threat referred to in the
original blog post has not yet materialized â and âno news is good
newsâ.

  [1]: https://blog.torproject.org/blog/possible-upcoming-attempts-disable-tor-network
  [2]: https://metrics.torproject.org/about.html#directory-authority
  [3]: https://lists.torproject.org/pipermail/tor-talk/2014-December/036067.html
  [4]: https://lists.torproject.org/pipermail/tor-talk/2014-December/036084.html
  [5]: https://en.wikipedia.org/wiki/Sybil_attack
  [6]: https://lists.torproject.org/pipermail/tor-consensus-health/2014-December/005381.html
  [7]: https://lists.torproject.org/pipermail/tor-consensus-health/2014-December/005414.html
  [8]: http://www.twitlonger.com/show/n_1sjg365
  [9]: https://lists.torproject.org/pipermail/tor-relays/2014-December/006020.html

Miscellaneous news
------------------

Lasse Ãverlier discovered that ScrambleSuitâs [10] protection against
âreplay attacksâ, in which an adversary repeats a client authentication
event to learn that the server is in fact a ScrambleSuit bridge, doesnât
work. Philipp Winter explained [11] the issue, and suggested some simple
fixes.

 [10]: http://www.cs.kau.se/philwint/scramblesuit/
 [11]: https://lists.torproject.org/pipermail/tor-dev/2014-December/008019.html

Tom van der Woerdt asked for review [12] of a patch [13] to remove the
obsolete version 1 of Torâs link protocol from the current software:
âItâs a rather large patch, though not as large as the patch that will
remove v2 of the protocol. However, before I write that one, can someone
please check whether my patch is sane and Iâm not violating any
standards or policies?â

 [12]: https://lists.torproject.org/pipermail/tor-dev/2014-December/008023.html
 [13]: https://github.com/TvdW/tor/commit/75b5d94eb976ee4998189dc69582c62511dde9eb

David Fifield trimmed [14] the length of meekâs [15] HTTP headers from
413 to 162 bytes, reducing the bandwidth it uses by âapproximatelyâ 3%.

 [14]: https://bugs.torproject.org/12778#comment:5
 [15]: https://trac.torproject.org/projects/tor/wiki/doc/meek

Thanks to Kura [16] for running a mirror of the Tor Project website and
software archive!

 [16]: https://lists.torproject.org/pipermail/tor-mirrors/2014-December/000815.html

Upcoming events
---------------

  Dec 31 13:30 UTC | little-t tor development meeting
                   | #tor-dev, irc.oftc.net
                   |
  Jan 03 20:00 UTC | Tails contributors meeting
                   | #tails-dev, irc.oftc.net
                   | https://mailman.boum.org/pipermail/tails-dev/2014-December/007626.html
                   |
  Jan 05 18:00 UTC | Tor Browser online meeting
                   | #tor-dev, irc.oftc.net
                   |
  Jan 05 18:00 UTC | OONI development meeting
                   | #ooni, irc.oftc.net
                   |
  Jan 06 18:00 UTC | little-t tor patch workshop
                   | #tor-dev, irc.oftc.net
                   |
  Jan 07 09:00 GMT | Roger @ Real World Cryptography Workshop 2015
                   | London, England
                   | http://www.realworldcrypto.com/rwc2015
                   |
  Jan 16 19:30 UTC | Tails/Jessie progress meeting
                   | #tails-dev, irc.oftc.net
                   | https://mailman.boum.org/pipermail/tails-dev/2014-December/007696.html


This issue of Tor Weekly News has been assembled by Harmony, David
Fifield, Chuck Peters, and Roger Dingledine.

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page [17], write down your
name and subscribe to the team mailing list [18] if you want to
get involved!

 [17]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
 [18]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk