[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Tor Weekly News â December 31st, 2014

Tor Weekly News                                      December 31st, 2014

Welcome to the final issue in 2014 of Tor Weekly News, the weekly
newsletter that covers whatâs happening in the Tor community.

Attacks and rumors of attacks

Two weeks ago, the Tor Project relayed a warning [1] from an unspecified
source to the effect that someone may have been preparing to seize,
attack, or otherwise disable one or more of Torâs directory
authorities [2] in a bid to disrupt the entire Tor network. The lack of
any specific information about the threat caused understandable concern
in the Tor community, and several events that followed over the next
fortnight did little to dispel this.

First, the operator of a large Tor exit relay cluster reported [3] that
his servers may have been physically interfered with by unknown parties
a short while before his message. Later updates [4] suggested that foul
play was less likely than initially thought.

Several days later, a large number of small exit relays were created all
at once, in what appeared to be a âSybil attackâ [5]; this was
detected [6] and halted almost immediately, as was a second, more recent
incident [7]. As the Tor Project put it in a response [8], âwe donât
expect any anonymity or performance effects based on what we've seen so
farâ, although a side-effect of the countermeasure is that relays hosted
on some IP ranges are currently being rejected [9] by dirauths.

As far as anyone can tell, these events are not related in any way to
the initial warning. The Tor network has functioned normally throughout
this period, and the appearance of a series of incidents is likely to be
the result of coincidence (helped by the online rumor mill) rather than
a coordinated campaign. It is never possible to say with certainty that
attacks on the network will not occur, but the threat referred to in the
original blog post has not yet materialized â and âno news is good

  [1]: https://blog.torproject.org/blog/possible-upcoming-attempts-disable-tor-network
  [2]: https://metrics.torproject.org/about.html#directory-authority
  [3]: https://lists.torproject.org/pipermail/tor-talk/2014-December/036067.html
  [4]: https://lists.torproject.org/pipermail/tor-talk/2014-December/036084.html
  [5]: https://en.wikipedia.org/wiki/Sybil_attack
  [6]: https://lists.torproject.org/pipermail/tor-consensus-health/2014-December/005381.html
  [7]: https://lists.torproject.org/pipermail/tor-consensus-health/2014-December/005414.html
  [8]: http://www.twitlonger.com/show/n_1sjg365
  [9]: https://lists.torproject.org/pipermail/tor-relays/2014-December/006020.html

Miscellaneous news

Lasse Ãverlier discovered that ScrambleSuitâs [10] protection against
âreplay attacksâ, in which an adversary repeats a client authentication
event to learn that the server is in fact a ScrambleSuit bridge, doesnât
work. Philipp Winter explained [11] the issue, and suggested some simple

 [10]: http://www.cs.kau.se/philwint/scramblesuit/
 [11]: https://lists.torproject.org/pipermail/tor-dev/2014-December/008019.html

Tom van der Woerdt asked for review [12] of a patch [13] to remove the
obsolete version 1 of Torâs link protocol from the current software:
âItâs a rather large patch, though not as large as the patch that will
remove v2 of the protocol. However, before I write that one, can someone
please check whether my patch is sane and Iâm not violating any
standards or policies?â

 [12]: https://lists.torproject.org/pipermail/tor-dev/2014-December/008023.html
 [13]: https://github.com/TvdW/tor/commit/75b5d94eb976ee4998189dc69582c62511dde9eb

David Fifield trimmed [14] the length of meekâs [15] HTTP headers from
413 to 162 bytes, reducing the bandwidth it uses by âapproximatelyâ 3%.

 [14]: https://bugs.torproject.org/12778#comment:5
 [15]: https://trac.torproject.org/projects/tor/wiki/doc/meek

Thanks to Kura [16] for running a mirror of the Tor Project website and
software archive!

 [16]: https://lists.torproject.org/pipermail/tor-mirrors/2014-December/000815.html

Upcoming events

  Dec 31 13:30 UTC | little-t tor development meeting
                   | #tor-dev, irc.oftc.net
  Jan 03 20:00 UTC | Tails contributors meeting
                   | #tails-dev, irc.oftc.net
                   | https://mailman.boum.org/pipermail/tails-dev/2014-December/007626.html
  Jan 05 18:00 UTC | Tor Browser online meeting
                   | #tor-dev, irc.oftc.net
  Jan 05 18:00 UTC | OONI development meeting
                   | #ooni, irc.oftc.net
  Jan 06 18:00 UTC | little-t tor patch workshop
                   | #tor-dev, irc.oftc.net
  Jan 07 09:00 GMT | Roger @ Real World Cryptography Workshop 2015
                   | London, England
                   | http://www.realworldcrypto.com/rwc2015
  Jan 16 19:30 UTC | Tails/Jessie progress meeting
                   | #tails-dev, irc.oftc.net
                   | https://mailman.boum.org/pipermail/tails-dev/2014-December/007696.html

This issue of Tor Weekly News has been assembled by Harmony, David
Fifield, Chuck Peters, and Roger Dingledine.

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page [17], write down your
name and subscribe to the team mailing list [18] if you want to
get involved!

 [17]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
 [18]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to