Changes between Version 10 and Version 11 of TorWeeklyNews/2015/12


Ignore:
Timestamp:
Mar 25, 2015, 6:02:49 PM (5 years ago)
Author:
harmony
Comment:

sent

Legend:

Unmodified
Added
Removed
Modified
  • TorWeeklyNews/2015/12

    v10 v11  
    55'''Subject:''' Tor Weekly News — March 25th, 2015
    66
    7 {{{
    8 ========================================================================
    9 Tor Weekly News                                         March 25th, 2015
    10 ========================================================================
    11 
    12 Welcome to the twelfth issue in 2015 of Tor Weekly News, the weekly
    13 newsletter that covers what’s happening in the Tor community.
    14 
    15 Tor 0.2.4.26, 0.2.5.11, and 0.2.6.5-rc are out
    16 ----------------------------------------------
    17 
    18 Nick Mathewson announced three new releases by the core Tor team.
    19 Versions 0.2.4.26 and 0.2.5.11 [1] are updates to the stable release
    20 series, featuring backports from later releases and an updated list of
    21 Tor directory authorities.
    22 
    23 Tor 0.2.6.5-rc [2], meanwhile, is the second release candidate in the
    24 upcoming Tor 0.2.6 series. It fixes a couple of possible crashes, and
    25 makes it easier to run Tor inside the Shadow network simulator. To find
    26 out more about all the new features that are expected in this release
    27 series, take a look at Nick’s guide [3] on the Tor blog.
    28 
    29 Please see the release announcements for details of all changes, and
    30 download the source code from the distribution directory [4].
    31 
    32   [1]: https://blog.torproject.org/blog/tor-02426-and-02511-are-released
    33   [2]: https://blog.torproject.org/blog/tor-0265-rc-released
    34   [3]: https://blog.torproject.org/blog/coming-tor-026
    35   [4]: https://dist.torproject.org/
    36 
    37 Tor Browser 4.0.5 is out
    38 ------------------------
    39 
    40 Following the disclosure of two potentially serious security flaws in
    41 Firefox, the Tor Browser team announced [5] a pointfix release of the
    42 privacy-preserving browser. Tor Browser 4.0.5 is based on Firefox 31.5.3
    43 ESR, fixing flaws in the handling of SVG files [6] and Javascript bounds
    44 checking [7] that could have allowed an adversary to run malicious code
    45 on a target machine.
    46 
    47 This is an important security update, and all users of the stable Tor
    48 Browser should upgrade as soon as possible. Users of the alpha Tor
    49 Browser release channel will need to wait another week for an updated
    50 version; in the meantime, as Georg Koppen explained, they “are strongly
    51 recommended to use Tor Browser 4.0.5”. Download your copy of the new Tor
    52 Browser from the project page [8].
    53 
    54   [5]: https://blog.torproject.org/blog/tor-browser-405-released
    55   [6]: https://www.mozilla.org/en-US/security/advisories/mfsa2015-28/
    56   [7]: https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/
    57   [8]: https://www.torproject.org/projects/torbrowser.html
    58 
    59 Tails 1.3.1 is out
    60 ------------------
    61 
    62 The Tails 1.3.1 emergency release was put out on March 23 [9], following
    63 the Firefox security announcement. As well as Tor Browser 4.0.5, this
    64 release includes updates to key software, fixing numerous security
    65 issues [10]. All Tails users must upgrade as soon as possible; see the
    66 announcement for download instructions.
    67 
    68 This release is also the first to be signed by the Tails team’s new
    69 OpenPGP signing key. For full details of the new key, see the team’s
    70 announcement [11].
    71 
    72   [9]: https://tails.boum.org/news/version_1.3.1/
    73  [10]: https://tails.boum.org/security/Numerous_security_holes_in_1.3/
    74  [11]: https://tails.boum.org/news/signing_key_transition/
    75 
    76 Who runs most of the Tor network?
    77 ---------------------------------
    78 
    79 The Tor network is a diverse and mostly decentralized system, and it
    80 would not exist without the efforts of thousands of volunteer relay
    81 operators around the world. Some focus on the task of maintaining a
    82 single relay, while others set up “families” of nodes that handle a
    83 larger share of Tor traffic.
    84 
    85 In an effort to identify the largest (publicly-declared) groupings of
    86 relays on the Tor network today, Nusenu posted [12] a list of entries
    87 found in the MyFamily field [13] of Tor relay configuration files,
    88 grouped by total “consensus weight” [14]. This list also includes other
    89 relevant data such as the number of Autonomous Systems, /16 IP address
    90 blocks, and country codes in which these relays are located; as Nusenu
    91 says, “more is better” for these statistics, at least as far as
    92 diversity is concerned. If the concentration of relays in one location
    93 is too high, there is a greater risk that a single adversary will be
    94 able to see a large proportion of Tor traffic.
    95 
    96 Nusenu also posted shorter lists of the largest relay families sorted by
    97 contact information [15], and in the course of all this research was
    98 able to notify some relay operators of problems with their
    99 configuration. The future of the MyFamily setting is still being
    100 discussed [16]; in the meantime, thanks to Nusenu for this impressive
    101 effort!
    102 
    103  [12]: https://lists.torproject.org/pipermail/tor-talk/2015-March/037305.html
    104  [13]: https://www.torproject.org/docs/faq.html.en#MultipleRelays
    105  [14]: https://metrics.torproject.org/about.html#consensus-weight
    106  [15]: https://lists.torproject.org/pipermail/tor-relays/2015-March/006657.html
    107  [16]: https://bugs.torproject.org/6676
    108 
    109 Miscellaneous news
    110 ------------------
    111 
    112 Nathan Freitas announced [17] Orbot version 15-alpha-5, bringing support
    113 for the meek and obfs4 pluggable transports, QR code bridge
    114 distribution, and other new features closer to a stable release.
    115 
    116  [17]: https://lists.mayfirst.org/pipermail/guardian-dev/2015-March/004283.html
    117 
    118 George Kadianakis invited feedback on proposal 243 [18], which would
    119 require Tor relays to earn the “Stable” flag before they are allowed to
    120 act as onion service directories, making it harder for malicious relay
    121 operators to launch denial-of-service attacks on onion services.
    122 
    123  [18]: https://lists.torproject.org/pipermail/tor-dev/2015-March/008532.html
    124 
    125 Nick Mathewson asked for comments [19] on a list of possible future
    126 improvements to Tor’s controller protocol: “This is a brainstorming
    127 exercise, not a declaration of intent. The goal right now is to generate
    128 a lot of ideas and thoughts now, and to make decisions about what to
    129 build later.”
    130 
    131  [19]: https://lists.torproject.org/pipermail/tor-dev/2015-March/008502.html
    132 
    133 David Fifield wondered [20] why many of the graphs of Tor user numbers
    134 on the Metrics portal [21] appear to show weekly cycles.
    135 
    136  [20]: https://lists.torproject.org/pipermail/tor-dev/2015-March/008473.html
    137  [21]: https://metrics.torproject.org
    138 
    139 Jens Kubieziel posted a list of ideas [22] for the further development
    140 of the Torservers organization, following recent discussions.
    141 
    142  [22]: https://lists.torproject.org/pipermail/tor-relays/2015-March/006670.html
    143 
    144 Mashael AlSabah and Ian Goldberg published “Performance and Security
    145 Improvements for Tor: A Survey” [23], a detailed introduction to the
    146 current state of research into performance and security on the Tor
    147 network. If you want to get up to speed on the most important technical
    148 questions facing the Tor development community, start here!
    149 
    150  [23]: https://eprint.iacr.org/2015/235
    151 
    152 Aaron Johnson announced [24] that this year’s Workshop on Hot Topics in
    153 Privacy Enhancing Technologies (HotPETS) [25] is accepting two-page talk
    154 proposals, rather than full-length papers, in the hope that “this will
    155 make it even easier for more of the Tor community to participate,
    156 especially people who don’t write research papers for a living”. If you
    157 can offer “new ideas, spirited debates, or controversial perspectives on
    158 privacy (and lack thereof)”, see the Workshop’s website for submission
    159 guidelines.
    160 
    161  [24]: https://lists.torproject.org/pipermail/tor-talk/2015-March/037294.html
    162  [25]: https://www.petsymposium.org/2015/hotpets.php
    163 
    164 Upcoming events
    165 ---------------
    166 
    167   Mar 30 18:00 UTC | Tor Browser online meeting
    168                    | #tor-dev, irc.oftc.net
    169                    |
    170   Mar 30 18:00 UTC | OONI development meeting
    171                    | #ooni, irc.oftc.net
    172                    |
    173   Mar 31 18:00 UTC | little-t tor patch workshop
    174                    | #tor-dev, irc.oftc.net
    175                    |
    176   Apr 03 20:00 UTC | Tails contributors meeting
    177                    | #tails-dev, irc.oftc.net
    178                    | https://mailman.boum.org/pipermail/tails-project/2015-March/000159.html
    179 
    180 
    181 This issue of Tor Weekly News has been assembled by Harmony, the Tails
    182 team, nicoo, and other contributors.
    183 
    184 Want to continue reading TWN? Please help us create this newsletter.
    185 We still need more volunteers to watch the Tor community and report
    186 important news. Please see the project page [26], write down your
    187 name and subscribe to the team mailing list [27] if you want to
    188 get involved!
    189 
    190  [26]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
    191  [27]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
    192 }}}
     7'''Status:''' [https://lists.torproject.org/pipermail/tor-news/2015-March/000090.html Sent].