[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Cancelled black hat talk



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

>> I think I have a handle on what they did, and how to fix it.
>> We've been trying to find delicate ways to explain that we think
>> we know what they did, but also it sure would have been smoother
>> if they'd opted to tell us everything. The main reason for trying
>> to be delicate is that I don't want to discourage future
>> researchers from telling us about neat things that they find. I'm
>> currently waiting for them to answer their mail so I can
>> proceed.
> 
> I have timed out on them and put out two new releases plus a
> security advisory: 
> https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack

thanks!

Surprised
> 
to see the fix of a bug that was worth a tor security
advisory to be in the "Minor bugfixes" section of the changelog.

> o Minor bugfixes: - Warn and drop the circuit if we receive an
> inbound 'relay early' cell. Those used to be normal to receive on
> hidden service circuits due to bug 1038, but the buggy Tor versions
> are long gone from the network so we can afford to resume watching
> for them. Resolves the rest of bug 1038; bugfix on 0.2.1.19.


So I guess "Minor bugfixes" can have quiet an impact as well then.
Will watch 'minor bugfixes' closer in the future ;)



-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJT2WwgAAoJEDcK3SCCSvoeTBcP/0//HDaNIhgI7j5K4eIU1Ae8
Pbxx9YJL8NqPv65nI6qRBWOIYTp7nfXYMdOt+yvRN80B/UI1QC8UGx96CKInkDj1
SIPt3BAo+AUTlI4PN2HXxkSaw66Rz9fKNaQsLNit1vlfNuI5VO7SL3mQqmoxOfw4
sUdG1ne6UlmEQNJkoVu7OBlq9+DcjTVy2Hj175Q+wcKZ87jZpX6teVhl/gzm0hfU
FYOr9vlMYSwa8rYYrwTEvOinW55yhsazLKyV1Eq/qZM3QWIK1hiN9LhR6xmlirCy
Ewl/rZckNvvvB08l/EnifE4nJKwTew047cvCSJh9DBQ7/7BoHnlkNz26gB27JLxi
ooz69uilyuY207+3TJpSn2KfEAUyQHG/C81ZPvOX+It7LIuumpfRW22Pr73yHRrZ
uzQ10NB7p7VCWZIgGCV5PLRBchk1O/5CIJpsEpKmx/772IUUTMqNlLMYmBekCJiO
CCxAi3BgqHsHo0g72J7yoq6hs2hr9dMA7ScmniTH+SqKux5hxdpCl7pM4JE8JNS9
K8R3wVU7Z/xEPqxq9dZyTuat2ASDhKrUP0dq2iNYXWlSOGzj7wOzH2xjkQkgbhSl
gJ2QIzYYgrsC0K/UWvWaRBe4S3Ljki40Hhh4SaoPLzSQ0LILD7tEAS5eS03GM58p
oKHbtKQwdQ/q8YY4v+Pd
=yVXu
-----END PGP SIGNATURE-----

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk