Silk Road forums

Discussion => Security => Topic started by: Dobbs on December 21, 2011, 06:38 pm

Title: Is there a TOR update?
Post by: Dobbs on December 21, 2011, 06:38 pm
The privacy of Tor users could be exposed by the attack because the previous version of the software used the same Transport Layer Security (TLS) certificate when connecting to different Tor network relays. An attacker who has identified the user’s client key could use the Tor network’s protocols to probe relays to see if the user’s key was connected to it. “Each client or bridge would use the same cert chain for all outgoing [Onion Router] connections until its IP address changes,” wrote Clark, “which allowed any relay that the client or bridge contacted to determine which entry guards it is using.”

Read this here:  http://arstechnica.com/business/news/2011/10/tor-project-patches-critical-flaw-in-its-anonymizing-network.ars

I went to the TOR website and couldn't find any mention of an update.  What do you think?
Title: Re: Is there a TOR update?
Post by: TravellingWithoutMoving on December 21, 2011, 06:53 pm
"New Tor Browser Bundles
Posted December 16th, 2011 by erinn
in
    security critical
    security fixes
    tbb
    tor browser

he Tor Browser Bundles have been updated to Tor 0.2.2.35 which has a fix for a security critical bug. Please see the release announcement for further details. All users should update immediately.
Tor Browser Bundle (2.2.35-1)

    Update Tor to 0.2.2.35
    Update NoScript to 2.2.3
    Update Torbutton to 1.4.5
    New Firefox patches
        Disable SSL Session ID tracking
        Provide an observer event to close persistent connections
"
Title: Re: Is there a TOR update?
Post by: supersecretsquirrel on December 22, 2011, 09:13 am
I went to the TOR website and couldn't find any mention of an update.  What do you think?

I suggest you follow the blog and sign up on the mailing list.
Title: Re: Is there a TOR update?
Post by: TravellingWithoutMoving on December 23, 2011, 12:14 pm
https://www.torproject.org/download/download-easy.html

2-2.35-3  is the current build as at today...
Title: Re: Is there a TOR update?
Post by: TravellingWithoutMoving on January 07, 2012, 07:15 am
build 2-2.35-4
..is available..

 ;)
Title: Re: Is there a TOR update?
Post by: supersecretsquirrel on January 07, 2012, 10:14 am
whenever i open TOR it checks for updates automatically - if it says it's out of date just go back to torproject.org and download the new version, which will be the ONLY downloadable version on the main page, then delete your current version and use the new one.

If you delete the current directory, you also delete any bookmarks you've saved in the browser. Just extract the new archive and let it overwrite the directory instead.
Title: Re: Is there a TOR update?
Post by: Tranzshipper on January 11, 2012, 02:15 am
Updates made for programs which can help people to connect to TOR. purpose of these updates only one to get users fu---d up. I have few years old Linux installation and TOR functioning all that time without any updates, just perfect.
Title: Re: Is there a TOR update?
Post by: TravellingWithoutMoving on January 11, 2012, 08:35 am
Updates made for programs which can help people to connect to TOR. purpose of these updates only one to get users fu---d up. I have few years old Linux installation and TOR functioning all that time without any updates, just perfect.

- thats not the reason behind releasing new builds or versions.

Title: Re: Is there a TOR update?
Post by: Tranzshipper on January 11, 2012, 09:25 am
Updates made for programs which can help people to connect to TOR. purpose of these updates only one to get users fu---d up. I have few years old Linux installation and TOR functioning all that time without any updates, just perfect.

- thats not the reason behind releasing new builds or versions.

and what is the reason? releasing updates they declaring, our system been fac--d by somebody else and now it is back under control, it is only us. there is no reason for updates is your system secure from day one, and been in first place designed with security in mind.
Title: Re: Is there a TOR update?
Post by: TravellingWithoutMoving on January 11, 2012, 09:35 am
- progress, bug fixes, new ways of doing things, and if you lag behind on an old version of something that you think "works" then don't complain when your ID is compromised or something stops working.

Title: Re: Is there a TOR update?
Post by: Tranzshipper on January 11, 2012, 10:22 am
- progress, bug fixes, new ways of doing things, and if you lag behind on an old version of something that you think "works" then don't complain when your ID is compromised or something stops working.

I dont care about versions things, I work on old small Linux distro which does not exist.

think,  they are fixing bugs. do you think you was safe working on software with bugs. some times later, they again fixing bugs again and so on. at any given moment you are working on software with bugs. does it sound like safe to you. well .. my best wishes then.