Changes between Version 9 and Version 10 of TorWeeklyNews/2015/12


Ignore:
Timestamp:
Mar 25, 2015, 5:43:17 PM (5 years ago)
Author:
harmony
Comment:

numbers

Legend:

Unmodified
Added
Removed
Modified
  • TorWeeklyNews/2015/12

    v9 v10  
    1717
    1818Nick Mathewson announced three new releases by the core Tor team.
    19 Versions 0.2.4.26 and 0.2.5.11 [XXX] are updates to the stable release
     19Versions 0.2.4.26 and 0.2.5.11 [1] are updates to the stable release
    2020series, featuring backports from later releases and an updated list of
    2121Tor directory authorities.
    2222
    23 Tor 0.2.6.5-rc, meanwhile, is the second release candidate in the
     23Tor 0.2.6.5-rc [2], meanwhile, is the second release candidate in the
    2424upcoming Tor 0.2.6 series. It fixes a couple of possible crashes, and
    2525makes it easier to run Tor inside the Shadow network simulator. To find
    2626out more about all the new features that are expected in this release
    27 series, take a look at Nick’s guide [XXX] on the Tor blog.
     27series, take a look at Nick’s guide [3] on the Tor blog.
    2828
    2929Please see the release announcements for details of all changes, and
    30 download the source code from the distribution directory [XXX].
     30download the source code from the distribution directory [4].
    3131
    32  [XXX]: https://blog.torproject.org/blog/tor-02426-and-02511-are-released
    33  [XXX]: https://blog.torproject.org/blog/tor-0265-rc-released
    34  [XXX]: https://blog.torproject.org/blog/coming-tor-026
    35  [XXX]: https://dist.torproject.org/
     32  [1]: https://blog.torproject.org/blog/tor-02426-and-02511-are-released
     33  [2]: https://blog.torproject.org/blog/tor-0265-rc-released
     34  [3]: https://blog.torproject.org/blog/coming-tor-026
     35  [4]: https://dist.torproject.org/
    3636
    3737Tor Browser 4.0.5 is out
     
    3939
    4040Following the disclosure of two potentially serious security flaws in
    41 Firefox, the Tor Browser team announced [XXX] a pointfix release of the
     41Firefox, the Tor Browser team announced [5] a pointfix release of the
    4242privacy-preserving browser. Tor Browser 4.0.5 is based on Firefox 31.5.3
    43 ESR, fixing flaws in the handling of SVG files [XXX] and Javascript
    44 bounds checking [XXX] that could have allowed an adversary to run
    45 malicious code on a target machine.
     43ESR, fixing flaws in the handling of SVG files [6] and Javascript bounds
     44checking [7] that could have allowed an adversary to run malicious code
     45on a target machine.
    4646
    4747This is an important security update, and all users of the stable Tor
     
    5050version; in the meantime, as Georg Koppen explained, they “are strongly
    5151recommended to use Tor Browser 4.0.5”. Download your copy of the new Tor
    52 Browser from the project page [XXX].
     52Browser from the project page [8].
    5353
    54  [XXX]: https://blog.torproject.org/blog/tor-browser-405-released
    55  [XXX]: https://www.mozilla.org/en-US/security/advisories/mfsa2015-28/
    56  [XXX]: https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/
    57  [XXX]: https://www.torproject.org/projects/torbrowser.html
     54  [5]: https://blog.torproject.org/blog/tor-browser-405-released
     55  [6]: https://www.mozilla.org/en-US/security/advisories/mfsa2015-28/
     56  [7]: https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/
     57  [8]: https://www.torproject.org/projects/torbrowser.html
    5858
    5959Tails 1.3.1 is out
    6060------------------
    6161
    62 The Tails 1.3.1 emergency release was put out on March 23 [XXX],
    63 following the Firefox security announcement. As well as Tor Browser
    64 4.0.5, this release includes updates to key software, fixing numerous
    65 security issues [XXX]. All Tails users must upgrade as soon as possible;
    66 see the announcement for download instructions.
     62The Tails 1.3.1 emergency release was put out on March 23 [9], following
     63the Firefox security announcement. As well as Tor Browser 4.0.5, this
     64release includes updates to key software, fixing numerous security
     65issues [10]. All Tails users must upgrade as soon as possible; see the
     66announcement for download instructions.
    6767
    6868This release is also the first to be signed by the Tails team’s new
    6969OpenPGP signing key. For full details of the new key, see the team’s
    70 announcement [XXX].
     70announcement [11].
    7171
    72  [XXX]: https://tails.boum.org/news/version_1.3.1/
    73  [XXX]: https://tails.boum.org/security/Numerous_security_holes_in_1.3/
    74  [XXX]: https://tails.boum.org/news/signing_key_transition/
     72  [9]: https://tails.boum.org/news/version_1.3.1/
     73 [10]: https://tails.boum.org/security/Numerous_security_holes_in_1.3/
     74 [11]: https://tails.boum.org/news/signing_key_transition/
    7575
    7676Who runs most of the Tor network?
     
    8484
    8585In an effort to identify the largest (publicly-declared) groupings of
    86 relays on the Tor network today, Nusenu posted [XXX] a list of entries
    87 found in the MyFamily field [XXX] of Tor relay configuration files,
    88 grouped by total “consensus weight” [XXX]. This list also includes other
     86relays on the Tor network today, Nusenu posted [12] a list of entries
     87found in the MyFamily field [13] of Tor relay configuration files,
     88grouped by total “consensus weight” [14]. This list also includes other
    8989relevant data such as the number of Autonomous Systems, /16 IP address
    9090blocks, and country codes in which these relays are located; as Nusenu
     
    9595
    9696Nusenu also posted shorter lists of the largest relay families sorted by
    97 contact information [XXX], and in the course of all this research was
     97contact information [15], and in the course of all this research was
    9898able to notify some relay operators of problems with their
    99 configuration.  The future of the MyFamily setting is still being
    100 discussed [XXX]; in the meantime, thanks to Nusenu for this impressive
     99configuration. The future of the MyFamily setting is still being
     100discussed [16]; in the meantime, thanks to Nusenu for this impressive
    101101effort!
    102102
    103  [XXX]: https://lists.torproject.org/pipermail/tor-talk/2015-March/037305.html
    104  [XXX]: https://www.torproject.org/docs/faq.html.en#MultipleRelays
    105  [XXX]: https://metrics.torproject.org/about.html#consensus-weight
    106  [XXX]: https://lists.torproject.org/pipermail/tor-relays/2015-March/006657.html
    107  [XXX]: https://bugs.torproject.org/6676
     103 [12]: https://lists.torproject.org/pipermail/tor-talk/2015-March/037305.html
     104 [13]: https://www.torproject.org/docs/faq.html.en#MultipleRelays
     105 [14]: https://metrics.torproject.org/about.html#consensus-weight
     106 [15]: https://lists.torproject.org/pipermail/tor-relays/2015-March/006657.html
     107 [16]: https://bugs.torproject.org/6676
    108108
    109109Miscellaneous news
    110110------------------
    111111
    112 Nathan Freitas announced [XXX] Orbot version 15-alpha-5, bringing
    113 support for the meek and obfs4 pluggable transports, QR code bridge
     112Nathan Freitas announced [17] Orbot version 15-alpha-5, bringing support
     113for the meek and obfs4 pluggable transports, QR code bridge
    114114distribution, and other new features closer to a stable release.
    115115
    116  [XXX]: https://lists.mayfirst.org/pipermail/guardian-dev/2015-March/004283.html
     116 [17]: https://lists.mayfirst.org/pipermail/guardian-dev/2015-March/004283.html
    117117
    118 George Kadianakis invited feedback on proposal 243 [XXX], which would
     118George Kadianakis invited feedback on proposal 243 [18], which would
    119119require Tor relays to earn the “Stable” flag before they are allowed to
    120120act as onion service directories, making it harder for malicious relay
    121121operators to launch denial-of-service attacks on onion services.
    122122
    123  [XXX]: https://lists.torproject.org/pipermail/tor-dev/2015-March/008532.html
     123 [18]: https://lists.torproject.org/pipermail/tor-dev/2015-March/008532.html
    124124
    125 Nick Mathewson asked for comments [XXX] on a list of possible future
     125Nick Mathewson asked for comments [19] on a list of possible future
    126126improvements to Tor’s controller protocol: “This is a brainstorming
    127127exercise, not a declaration of intent. The goal right now is to generate
     
    129129build later.”
    130130
    131  [XXX]: https://lists.torproject.org/pipermail/tor-dev/2015-March/008502.html
     131 [19]: https://lists.torproject.org/pipermail/tor-dev/2015-March/008502.html
    132132
    133 David Fifield wondered [XXX] why many of the graphs of Tor user numbers
    134 on the Metrics portal [XXX] appear to show weekly cycles.
     133David Fifield wondered [20] why many of the graphs of Tor user numbers
     134on the Metrics portal [21] appear to show weekly cycles.
    135135
    136  [XXX]: https://lists.torproject.org/pipermail/tor-dev/2015-March/008473.html
    137  [XXX]: https://metrics.torproject.org
     136 [20]: https://lists.torproject.org/pipermail/tor-dev/2015-March/008473.html
     137 [21]: https://metrics.torproject.org
    138138
    139 Jens Kubieziel posted a list of ideas [XXX] for the further development
     139Jens Kubieziel posted a list of ideas [22] for the further development
    140140of the Torservers organization, following recent discussions.
    141141
    142  [XXX]: https://lists.torproject.org/pipermail/tor-relays/2015-March/006670.html
     142 [22]: https://lists.torproject.org/pipermail/tor-relays/2015-March/006670.html
    143143
    144144Mashael AlSabah and Ian Goldberg published “Performance and Security
    145 Improvements for Tor: A Survey” [XXX], a detailed introduction to the
     145Improvements for Tor: A Survey” [23], a detailed introduction to the
    146146current state of research into performance and security on the Tor
    147147network. If you want to get up to speed on the most important technical
    148148questions facing the Tor development community, start here!
    149149
    150  [XXX]: https://eprint.iacr.org/2015/235
     150 [23]: https://eprint.iacr.org/2015/235
    151151
    152 Aaron Johnson announced [XXX] that this year’s Workshop on Hot Topics in
    153 Privacy Enhancing Technologies (HotPETS) [XXX] is accepting two-page
    154 talk proposals, rather than full-length papers, in the hope that “this
    155 will make it even easier for more of the Tor community to participate,
     152Aaron Johnson announced [24] that this year’s Workshop on Hot Topics in
     153Privacy Enhancing Technologies (HotPETS) [25] is accepting two-page talk
     154proposals, rather than full-length papers, in the hope that “this will
     155make it even easier for more of the Tor community to participate,
    156156especially people who don’t write research papers for a living”. If you
    157157can offer “new ideas, spirited debates, or controversial perspectives on
     
    159159guidelines.
    160160
    161  [XXX]: https://lists.torproject.org/pipermail/tor-talk/2015-March/037294.html
    162  [XXX]: https://www.petsymposium.org/2015/hotpets.php
     161 [24]: https://lists.torproject.org/pipermail/tor-talk/2015-March/037294.html
     162 [25]: https://www.petsymposium.org/2015/hotpets.php
    163163
    164164Upcoming events
     
    184184Want to continue reading TWN? Please help us create this newsletter.
    185185We still need more volunteers to watch the Tor community and report
    186 important news. Please see the project page [XXX], write down your
    187 name and subscribe to the team mailing list [XXX] if you want to
     186important news. Please see the project page [26], write down your
     187name and subscribe to the team mailing list [27] if you want to
    188188get involved!
    189189
    190   [XXX]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
    191   [XXX]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
     190 [26]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
     191 [27]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
    192192}}}