Silk Road forums
Discussion => Security => Topic started by: Dobbs on December 21, 2011, 06:38 pm
-
The privacy of Tor users could be exposed by the attack because the previous version of the software used the same Transport Layer Security (TLS) certificate when connecting to different Tor network relays. An attacker who has identified the user’s client key could use the Tor network’s protocols to probe relays to see if the user’s key was connected to it. “Each client or bridge would use the same cert chain for all outgoing [Onion Router] connections until its IP address changes,” wrote Clark, “which allowed any relay that the client or bridge contacted to determine which entry guards it is using.”
Read this here: http://arstechnica.com/business/news/2011/10/tor-project-patches-critical-flaw-in-its-anonymizing-network.ars
I went to the TOR website and couldn't find any mention of an update. What do you think?
-
"New Tor Browser Bundles
Posted December 16th, 2011 by erinn
in
security critical
security fixes
tbb
tor browser
he Tor Browser Bundles have been updated to Tor 0.2.2.35 which has a fix for a security critical bug. Please see the release announcement for further details. All users should update immediately.
Tor Browser Bundle (2.2.35-1)
Update Tor to 0.2.2.35
Update NoScript to 2.2.3
Update Torbutton to 1.4.5
New Firefox patches
Disable SSL Session ID tracking
Provide an observer event to close persistent connections
"
-
I went to the TOR website and couldn't find any mention of an update. What do you think?
I suggest you follow the blog and sign up on the mailing list.
-
https://www.torproject.org/download/download-easy.html
2-2.35-3 is the current build as at today...
-
build 2-2.35-4
..is available..
;)
-
whenever i open TOR it checks for updates automatically - if it says it's out of date just go back to torproject.org and download the new version, which will be the ONLY downloadable version on the main page, then delete your current version and use the new one.
If you delete the current directory, you also delete any bookmarks you've saved in the browser. Just extract the new archive and let it overwrite the directory instead.
-
Updates made for programs which can help people to connect to TOR. purpose of these updates only one to get users fu---d up. I have few years old Linux installation and TOR functioning all that time without any updates, just perfect.
-
Updates made for programs which can help people to connect to TOR. purpose of these updates only one to get users fu---d up. I have few years old Linux installation and TOR functioning all that time without any updates, just perfect.
- thats not the reason behind releasing new builds or versions.
-
Updates made for programs which can help people to connect to TOR. purpose of these updates only one to get users fu---d up. I have few years old Linux installation and TOR functioning all that time without any updates, just perfect.
- thats not the reason behind releasing new builds or versions.
and what is the reason? releasing updates they declaring, our system been fac--d by somebody else and now it is back under control, it is only us. there is no reason for updates is your system secure from day one, and been in first place designed with security in mind.
-
- progress, bug fixes, new ways of doing things, and if you lag behind on an old version of something that you think "works" then don't complain when your ID is compromised or something stops working.
-
- progress, bug fixes, new ways of doing things, and if you lag behind on an old version of something that you think "works" then don't complain when your ID is compromised or something stops working.
I dont care about versions things, I work on old small Linux distro which does not exist.
think, they are fixing bugs. do you think you was safe working on software with bugs. some times later, they again fixing bugs again and so on. at any given moment you are working on software with bugs. does it sound like safe to you. well .. my best wishes then.