Changes between Version 16 and Version 17 of TorWeeklyNews/2014/43


Ignore:
Timestamp:
Oct 29, 2014, 4:23:45 PM (5 years ago)
Author:
harmony
Comment:

sent

Legend:

Unmodified
Added
Removed
Modified
  • TorWeeklyNews/2014/43

    v16 v17  
    55'''Subject:''' Tor Weekly News — October 29th, 2014
    66
    7 '''Status:''' Frozen. Technical and language fixes only; new items should go in [wiki:TorWeeklyNews/2014/44 next week's issue].
    8 
    9 {{{
    10 ========================================================================
    11 Tor Weekly News                                       October 29th, 2014
    12 ========================================================================
    13 
    14 Welcome to the forty-third issue in 2014 of Tor Weekly News, the weekly
    15 newsletter that covers what’s happening in the Tor community.
    16 
    17 Tor 0.2.5.10 is out
    18 -------------------
    19 
    20 The 0.2.5.x branch of the core Tor software hit stable, with the release
    21 of 0.2.5.10. As Nick Mathewson explained [1], there have been no changes
    22 since last week’s 0.2.5.9-rc release, and the new features will be
    23 familiar to readers of Tor Weekly News over the past year of
    24 development, but highlights include “improved denial-of-service
    25 resistance for relays, new compiler hardening options, and a system-call
    26 sandbox for hardened installations on Linux”, as well as improvements to
    27 transparent proxying, building and testing, pluggable transport
    28 usability, and much more.
    29 
    30 This release means that Tor versions in the 0.2.3.x series, which has
    31 “received no patches or attention for some while” and “accumulated many
    32 known flaws” [2], are now deprecated. Relay operators running these
    33 versions must upgrade as soon as possible, or risk having their relays
    34 rejected from the network in the near future.
    35 
    36 Please see Nick’s release announcement for the full changelog, and
    37 download your copy of the 0.2.5.10 source code from the distribution
    38 directory [3] or a prebuilt package from your usual repositories.
    39 
    40   [1]: https://lists.torproject.org/pipermail/tor-announce/2014-October/000096.html
    41   [2]: https://lists.torproject.org/pipermail/tor-relays/2014-October/005590.html
    42   [3]: https://dist.torproject.org/
    43 
    44 Miscellaneous news
    45 ------------------
    46 
    47 Jacob Appelbaum announced [4] version 0.1.3 of TorBirdy, a torifying
    48 extension for the Thunderbird email client. Among other things, this
    49 release fixes the recently-reported “wrote:” bug [5], disables the
    50 automatic downloading of messages from POP3 accounts, and ensures that
    51 draft messages for IMAP accounts are stored on the local system rather
    52 than sent over the network. However, as Jacob wrote, “it’s still
    53 experimental”, so “use at your own risk”. See the release announcement
    54 for a full changelog.
    55 
    56   [4]: https://lists.torproject.org/pipermail/tor-talk/2014-October/035326.html
    57   [5]: https://bugs.torproject.org/13480
    58 
    59 Anthony G. Basile announced [6] version 20141022 of tor-ramdisk, the
    60 micro Linux distribution whose only purpose is to host a Tor server in
    61 an environment that maximizes security and privacy. This release
    62 addresses the recent POODLE attack [7] with updates to Tor and OpenSSL,
    63 and also upgrades the Linux kernel.
    64 
    65   [6]: http://opensource.dyc.edu/pipermail/tor-ramdisk/2014-October/000134.html
    66   [7]: https://blog.torproject.org/blog/new-sslv3-attack-found-disable-sslv3-torbrowser
    67 
    68 Yawning Angel called for testing [8] of the revamped tor-fw-helper, a
    69 tool that automates the port forwarding required (for example) by the
    70 flash proxy [9] pluggable transport. Please see Yawning’s message for
    71 full testing instructions and other important information: “Questions,
    72 Comments, Feedback appreciated”.
    73 
    74   [8]: https://lists.torproject.org/pipermail/tor-dev/2014-October/007670.html
    75   [9]: https://crypto.stanford.edu/flashproxy/
    76 
    77 On the Tor blog, Andrew Lewman responded [10] to the abuse of Tor by
    78 creators of so-called “ransomware”, or malware that tries to restrict
    79 access to users’ files unless a ransom is paid; these extortionists
    80 sometimes ask their victims to install Tor software in order to
    81 communicate with them over a hidden service, leading users to the
    82 mistaken belief that The Tor Project is somehow involved. As Andrew
    83 wrote, this software “is unrelated to The Tor Project. We didn’t produce
    84 it, and we didn’t ask to be included in the criminal infection of any
    85 computer.” Users may find the information provided by the BBC [11] and
    86 Bleeping Computer [12] to be helpful in resolving the problem.
    87 
    88  [10]: https://blog.torproject.org/blog/tor-misused-criminals
    89  [11]: https://www.bbc.com/news/technology-28661463
    90  [12]: http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information
    91 
    92 Josh Pitts posted an analysis [13] of apparently malicious behavior by a
    93 Tor relay that was modifying binary files downloaded over Tor circuits
    94 in which it was the exit node. As Roger Dingledine responded [14],
    95 “we’ve now set the BadExit flag on this relay, so others won’t
    96 accidentally run across it”.
    97 
    98  [13]: http://www.leviathansecurity.com/blog/the-case-of-the-modified-binaries/
    99  [14]: https://lists.torproject.org/pipermail/tor-talk/2014-October/035340.html
    100 
    101 David Fifield pointed out [15] “an apparent negative correlation between
    102 obfs3 users and vanilla users” in the Tor Metrics portal’s bridge user
    103 graphs [16] and wondered what might be causing it.
    104 
    105  [15]: https://lists.torproject.org/pipermail/tor-dev/2014-October/007659.html
    106  [16]: https://metrics.torproject.org/users.html?graph=userstats-bridge-transport&transport=%3COR%3E&transport=obfs3#userstats-bridge-transport
    107 
    108 News from Tor StackExchange
    109 ---------------------------
    110 
    111 Dodo wants to run several hidden services (HTTP, XMPP, SSH etc.), but
    112 use just one onion address [17]. Jobiwan explained that one can forward
    113 each port to a different service. Further information can be found at
    114 the configuration page for hidden services [18].
    115 
    116  [17]: https://tor.stackexchange.com/q/4437/88
    117  [18]: https://www.torproject.org/docs/tor-hidden-service.html.en#three
    118 
    119 Rodney Hester proxies the DirPort of his relay and saw lots of requests
    120 to nonexistent URLs, of which the most prominent is the URL
    121 /tor/status/all.z [19], and asks where they are coming from. Do you have
    122 an answer? If so, please share it at Tor’s StackExchange site.
    123 
    124  [19]: https://tor.stackexchange.com/q/4452/88
    125 
    126 Upcoming events
    127 ---------------
    128 
    129   Oct 29 13:30 UTC | little-t tor development meeting
    130                    | #tor-dev, irc.oftc.net
    131                    |
    132   Oct 31 17:00 CET | OONI development meeting
    133                    | #ooni, irc.oftc.net
    134                    |
    135   Nov 03 - 07      | Roger @ WPES and CCS
    136                    | Phoenix, Arizona, USA
    137                    | https://www.cylab.cmu.edu/news_events/events/wpes2014/
    138                    | http://www.sigsac.org/ccs/CCS2014/
    139                    |
    140   Nov 03 18:00 UTC | Tor Browser online meeting
    141                    | #tor-dev, irc.oftc.net
    142                    |
    143   Nov 03 19:00 UTC | Tails contributors meeting
    144                    | #tails-dev (irc.indymedia.org/h7gf2ha3hefoj5ls.onion)
    145                    | https://mailman.boum.org/pipermail/tails-project/2014-October/000045.html
    146                    |
    147   Nov 04 17:00 UTC | little-t tor patch workshop
    148                    | #tor-dev, irc.oftc.net
    149 
    150 
    151 This issue of Tor Weekly News has been assembled by Lunar, qbi, Roger
    152 Dingledine, and Harmony.
    153 
    154 Want to continue reading TWN? Please help us create this newsletter.
    155 We still need more volunteers to watch the Tor community and report
    156 important news. Please see the project page [20], write down your
    157 name and subscribe to the team mailing list [21] if you want to
    158 get involved!
    159 
    160  [20]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
    161  [21]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
    162 }}}
     7'''Status:''' [https://lists.torproject.org/pipermail/tor-news/2014-October/000069.html Sent].