Changes between Version 38 and Version 39 of TorWeeklyNews/2013/25


Ignore:
Timestamp:
Dec 25, 2013, 1:35:27 PM (5 years ago)
Author:
lunar
Comment:

Sent

Legend:

Unmodified
Added
Removed
Modified
  • TorWeeklyNews/2013/25

    v38 v39  
    33'''Editor:''' Lunar
    44
    5 '''Status:''' FROZEN! Language and technical fixes welcome. New items should go on [wiki:TorWeeklyNews/2014/1 next week's page].
    6 
    7 '''Subject:''' Tor Weekly News — December 25th, 2013
    8 
    9 {{{
    10 ========================================================================
    11 Tor Weekly News                                      December 25th, 2013
    12 ========================================================================
    13 
    14 Welcome to the 26th issue of Tor Weekly News, the weekly newsletter that
    15 covers what is happening in the Tor community.
    16 
    17 The 3.x series of the Tor Browser Bundle is now stable
    18 ------------------------------------------------------
    19 
    20 After more than a year of work, Mike Perry has officially blessed the
    21 3.5 release of the Tor Browser Bundle as the new stable release [1].
    22 Improving on the previous stable series, it features a deterministic
    23 build system [2] for distributed trust [3], a new integrated interface
    24 to interact with Tor [4] and all the improvements from Tor 0.2.4 [5].
    25 
    26 Users of the previous 2.x series might be a little disoriented by the
    27 user interface changes. David Fifield, Matt Pagan and others have been
    28 compiling the most frequent questions [6] heard after the switch.  Until
    29 the integrated browser interface catches up, new Vidalia bundles are now
    30 available [7] for those who need them. Erinn Clark is ironing out the
    31 remaining integration issues.
    32 
    33 With the discontinuation of Firefox 17 ESR, the new release had to be
    34 pushed to users to avoid exposing them to security holes.  Firefox 24
    35 ESR, on which the Tor Browser is now based, should be supported by
    36 Mozilla for approximately one year. This will leave our browser hackers
    37 some time to focus more on user experience improvements, test
    38 automation, and better resistance to fingerprinting issues.
    39 
    40 Several tutorials, videos, and bits of documentation might now in one
    41 way or another be out-of-date in many places. Please help report them
    42 or, even better, write up some updated versions.
    43 
    44 This release is quite a milestone for the project. Update and enjoy!
    45 
    46    [1] https://blog.torproject.org/blog/tor-browser-bundle-35-released
    47    [2] https://blog.torproject.org/blog/deterministic-builds-part-two-technical-details
    48    [3] https://blog.torproject.org/blog/deterministic-builds-part-one-cyberwar-and-global-compromise
    49    [4] https://gitweb.torproject.org/tor-launcher.git
    50    [5] https://lists.torproject.org/pipermail/tor-talk/2013-December/031392.html
    51    [6] https://trac.torproject.org/projects/tor/wiki/doc/TorBrowserBundle3FAQ
    52    [7] https://people.torproject.org/~erinn/vidalia-standalone-bundles/
    53 
    54 The Tor Project now accepts donation in Bitcoin
    55 -----------------------------------------------
    56 
    57 As is often pointed out in the press, the majority of the Tor Project’s
    58 financial support comes from US government-linked organizations. In the
    59 ongoing effort to offer as many possible ways for individuals and
    60 organizations to give help to the project, Bitcoin donations are now
    61 being accepted [8].
    62 
    63 As Roger Dingledine wrote in a subsequent comment: “We really need to
    64 get some funding for core Tor development, and especially for improving
    65 Tor’s anonymity, because none of our current funders care enough about
    66 the anonymity side of Tor. Outreach and blocking-resistance are great
    67 topics, but we can’t let the anonymity part rot.”
    68 
    69 Head over to the donations page [9] to learn more about how to chip in
    70 with Bitcoins or other currencies.
    71 
    72    [8] https://blog.torproject.org/blog/announcement-tor-project-now-accepting-bitcoin-donations
    73    [9] https://www.torproject.org/donate/donate#bitcoin
    74 
    75 Tor 0.2.4.20 is out
    76 -------------------
    77 
    78 The first update to the new stable branch of Tor has been released [10]
    79 on December 23rd. It fixes an issue that would create more preemptive
    80 circuits than actually need, and a security issue related to poor random
    81 number generation.
    82 
    83 The latter affects “users who 1) use OpenSSL 1.0.0 or later, 2) set
    84 ‘HardwareAccel 1’ in their torrc file, 3) have ‘Sandy Bridge’ or ‘Ivy
    85 Bridge’ Intel processors, and 4) have no state file in their
    86 DataDirectory (as would happen on first start). Users who generated
    87 relay or hidden service identity keys in such a situation should discard
    88 them and generate new ones.”
    89 
    90 The source code is already available from the usual location [11].
    91 Update packages and bundles should be ready soon.
    92 
    93   [10] https://lists.torproject.org/pipermail/tor-talk/2013-December/031483.html
    94   [11] https://www.torproject.org/dist/
    95 
    96 Tor events at the 30th Chaos Communication Congress
    97 ---------------------------------------------------
    98 
    99 The Chaos Computer Club will be holding its 30th Congress [12] in
    100 Hamburg between the 27th and the 30th of December, and as usual there
    101 are a number of Tor-related talks and events scheduled.
    102 
    103 Following their session on the Tor ecosystem at 29c3 [13], Tor Project
    104 members Roger Dingledine and Jacob Appelbaum will be giving a talk
    105 entitled “The Tor Network: We’re living in interesting times” [14], in
    106 which they discuss the Project’s work over the last few years, with
    107 special reference to “major cryptographic upgrades in the Tor network,
    108 interesting academic papers in attacking the Tor network, major high
    109 profile users breaking news about the network itself, discussions about
    110 funding, FBI/NSA exploitation of Tor Browser users, botnet related load
    111 on the Tor network, and other important topics”.
    112 
    113 Their talk will be followed by a discussion involving everyone
    114 interested in helping Tor [15] at the NoisySquare assembly. The Tor
    115 ecosystem is now made up of more than forty different projects, and
    116 there are sure to be ways you can help. Bring your skills and your
    117 energy!
    118 
    119 Torservers.net will be holding a meeting of Tor relay operators and
    120 organizations [16], featuring “quick presentations on recent and future
    121 activities around Torservers.net”, to be followed by the official
    122 members’ meeting of the German Torservers.net partner organization,
    123 Zwiebelfreunde e.V.
    124 
    125 #youbroketheinternet will hold a session on the future of crypto routing
    126 backends [17]: “Even the IETF is now considering that Onion Routing
    127 should be a fundamental capability of the Internet. How would that look
    128 in practice?”
    129 
    130 If you are attending the Congress, feel free to come along and
    131 participate in these sessions; if not, you should be able to catch up
    132 with the talks online.
    133 
    134   [12] https://www.ccc.de/en/updates/2013/30c3
    135   [13] https://media.torproject.org/video/29c3-5306-en-the_tor_software_ecosystem_h264.mp4
    136   [14] https://events.ccc.de/congress/2013/Fahrplan/events/5423.html
    137   [15] https://events.ccc.de/congress/2013/wiki/Session:How_to_help_Tor%3F
    138   [16] https://events.ccc.de/congress/2013/wiki/Session:Tor_Relay_Operators_Meetup
    139   [17] https://events.ccc.de/congress/2013/wiki/Session:YBTI_Cryptographic_Routing
    140 
    141 Miscellaneous news
    142 ------------------
    143 
    144 Anthony G. Basile released version 20131216 [18] of Tor-ramdisk, a
    145 “uClibc-based micro Linux distribution whose only purpose is to host a
    146 Tor server in an environment that maximizes security and privacy.” This
    147 new release is the first to ship the 0.2.4 branch of Tor.
    148 
    149   [18] http://opensource.dyc.edu/pipermail/tor-ramdisk/2013-December/000107.html
    150 
    151 For those who like hazardous experiments, intrigeri sent a call for
    152 testing [19] an experimental Tails image with preliminary UEFI support —
    153 users of Apple hardware should be particularly interested. anonym also
    154 announced [20] that test images from the MAC spoofing branch were
    155 available.
    156 
    157   [19] https://mailman.boum.org/pipermail/tails-dev/2013-December/004538.html
    158   [20] https://mailman.boum.org/pipermail/tails-dev/2013-December/004547.html
    159 
    160 Nick Mathewson sent his now-monthly review of the status of Tor's
    161 proposals [21]. Karsten Loesing followed-up by commenting on several
    162 of those related to the directory protocol. Have a look, you might also
    163 be able to move things forward!
    164 
    165   [21] https://lists.torproject.org/pipermail/tor-dev/2013-December/005957.html
    166 
    167 Many thanks to John Sweeney of otivpn.com [22], Jeremy J. Olson of
    168 EPRCI [23], and les.net [24] for running mirrors of the Tor Project
    169 website.
    170 
    171   [22] https://lists.torproject.org/pipermail/tor-mirrors/2013-December/000403.html
    172   [23] https://lists.torproject.org/pipermail/tor-mirrors/2013-December/000411.html
    173   [24] https://lists.torproject.org/pipermail/tor-mirrors/2013-December/000415.html
    174 
    175 Karsten Loesing has been experimenting with replacements [25] for the “fast exits”
    176 graphs that would convey a better feeling of the network growth. He also deployed
    177 a new visualization for the fraction of connections used uni-/bidirectionally [26].
    178 
    179   [25] https://trac.torproject.org/projects/tor/ticket/10460
    180   [26] https://metrics.torproject.org/performance.html#connbidirect
    181 
    182 Tor help desk roundup
    183 ---------------------
    184 
    185 Multiple users have now emailed the help desk regarding a particular
    186 type of “ransomware” [27] that encrypts the hard drive of Windows
    187 computers and won’t give users the decryption key until a payment is
    188 made. Victims of this malware have emailed the help desk because the
    189 ransomware message includes a link to a tor hidden service site. Malware
    190 victims wanted to know how to install the Tor Browser, or thought the
    191 Tor Project was the source of the malware.
    192 
    193 The Tor Project does not make malware; in the past Tor developers have
    194 worked with anti-virus developers to help stop other types of malware.
    195 Users affected might find useful information in this guide [28]. If you
    196 have not been affected, the story might be a good reminder to think
    197 about your backups.
    198 
    199   [27] https://en.wikipedia.org/wiki/Ransomware_%28malware%29
    200   [28] http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information
    201 
    202 Upcoming events
    203 ---------------
    204 
    205 Dec 27-30 | Tor @ 30th Chaos Communication Congress
    206           | Hamburg, Germany
    207           | https://events.ccc.de/congress/2013/
    208           |
    209 Jan 13-15 | Tor @ Real World Crypto 2014
    210           | New York City, USA
    211           | https://realworldcrypto.wordpress.com/
    212 
    213 
    214 This issue of Tor Weekly News has been assembled by Lunar, harmony,
    215 Matt Pagan and dope457.
    216 
    217 Want to continue reading TWN? Please help us create this newsletter.
    218 We still need more volunteers to watch the Tor community and report
    219 important news. Please see the project page [29], write down your
    220 name and subscribe to the team mailing list [30] if you want to
    221 get involved!
    222 
    223   [29] https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
    224   [30] https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
    225 }}}
     5'''Status:''' [https://lists.torproject.org/pipermail/tor-news/2013-December/000026.html Sent]