[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-talk] Tor Weekly News â October 29th, 2014
Tor Weekly News October 29th, 2014
Welcome to the forty-third issue in 2014 of Tor Weekly News, the weekly
newsletter that covers whatâs happening in the Tor community.
Tor 0.2.5.10 is out
The 0.2.5.x branch of the core Tor software hit stable, with the release
of 0.2.5.10. As Nick Mathewson explained , there have been no changes
since last weekâs 0.2.5.9-rc release, and the new features will be
familiar to readers of Tor Weekly News over the past year of
development, but highlights include âimproved denial-of-service
resistance for relays, new compiler hardening options, and a system-call
sandbox for hardened installations on Linuxâ, as well as improvements to
transparent proxying, building and testing, pluggable transport
usability, and much more.
This release means that Tor versions in the 0.2.3.x series, which has
âreceived no patches or attention for some whileâ and âaccumulated many
known flawsâ , are now deprecated. Relay operators running these
versions must upgrade as soon as possible, or risk having their relays
rejected from the network in the near future.
Please see Nickâs release announcement for the full changelog, and
download your copy of the 0.2.5.10 source code from the distribution
directory  or a prebuilt package from your usual repositories.
Jacob Appelbaum announced  version 0.1.3 of TorBirdy, a torifying
extension for the Thunderbird email client. Among other things, this
release fixes the recently-reported âwrote:â bug , disables the
automatic downloading of messages from POP3 accounts, and ensures that
draft messages for IMAP accounts are stored on the local system rather
than sent over the network. However, as Jacob wrote, âitâs still
experimentalâ, so âuse at your own riskâ. See the release announcement
for a full changelog.
Anthony G. Basile announced  version 20141022 of tor-ramdisk, the
micro Linux distribution whose only purpose is to host a Tor server in
an environment that maximizes security and privacy. This release
addresses the recent POODLE attack  with updates to Tor and OpenSSL,
and also upgrades the Linux kernel.
Yawning Angel called for testing  of the revamped tor-fw-helper, a
tool that automates the port forwarding required (for example) by the
flash proxy  pluggable transport. Please see Yawningâs message for
full testing instructions and other important information: âQuestions,
Comments, Feedback appreciatedâ.
On the Tor blog, Andrew Lewman responded  to the abuse of Tor by
creators of so-called âransomwareâ, or malware that tries to restrict
access to usersâ files unless a ransom is paid; these extortionists
sometimes ask their victims to install Tor software in order to
communicate with them over a hidden service, leading users to the
mistaken belief that The Tor Project is somehow involved. As Andrew
wrote, this software âis unrelated to The Tor Project. We didnât produce
it, and we didnât ask to be included in the criminal infection of any
computer.â Users may find the information provided by the BBC  and
Bleeping Computer  to be helpful in resolving the problem.
Josh Pitts posted an analysis  of apparently malicious behavior by a
Tor relay that was modifying binary files downloaded over Tor circuits
in which it was the exit node. As Roger Dingledine responded ,
âweâve now set the BadExit flag on this relay, so others wonât
accidentally run across itâ.
David Fifield pointed out  âan apparent negative correlation between
obfs3 users and vanilla usersâ in the Tor Metrics portalâs bridge user
graphs  and wondered what might be causing it.
News from Tor StackExchange
Dodo wants to run several hidden services (HTTP, XMPP, SSH etc.), but
use just one onion address . Jobiwan explained that one can forward
each port to a different service. Further information can be found at
the configuration page for hidden services .
Rodney Hester proxies the DirPort of his relay and saw lots of requests
to nonexistent URLs, of which the most prominent is the URL
/tor/status/all.z , and asks where they are coming from. Do you have
an answer? If so, please share it at Torâs StackExchange site.
Oct 29 13:30 UTC | little-t tor development meeting
| #tor-dev, irc.oftc.net
Oct 31 17:00 CET | OONI development meeting
| #ooni, irc.oftc.net
Nov 03 - 07 | Roger @ WPES and CCS
| Phoenix, Arizona, USA
Nov 03 18:00 UTC | Tor Browser online meeting
| #tor-dev, irc.oftc.net
Nov 03 19:00 UTC | Tails contributors meeting
| #tails-dev (irc.indymedia.org/h7gf2ha3hefoj5ls.onion)
Nov 04 17:00 UTC | little-t tor patch workshop
| #tor-dev, irc.oftc.net
This issue of Tor Weekly News has been assembled by Lunar, qbi, Roger
Dingledine, and Harmony.
Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page , write down your
name and subscribe to the team mailing list  if you want to
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to