headers
Roger Dingledine | 3 Aug 00:19
Picon
Favicon

Tor 0.1.2.16 is released

Tor 0.1.2.16 fixes a critical security vulnerability that allows a
remote attacker in certain situations to rewrite the user's torrc
configuration file. This can completely compromise anonymity of users
in most configurations, including those running the Vidalia bundles,
TorK, etc. Or worse.

Users who do not have ControlPort enabled are secure; if you are not
sure, you should upgrade and you should probably overwrite your torrc
file with the default when you upgrade. More details will be posted over
the next few days.

https://tor.eff.org/download.html

We have Vidalia bundles for OS X Tiger on the website now. The recommended
workaround for Windows users is either to wait until we have a Vidalia
bundle ready, or do separate installs of the Win32 "expert" package from
https://tor.eff.org/download-windows
and the Windows Vidalia-only package from
http://vidalia-project.net/download.php

Changes in version 0.1.2.16 - 2007-08-01
  o Major security fixes:
    - Close immediately after missing authentication on control port;
      do not allow multiple authentication attempts.
Permalink | Reply | 12 comments |
headers
Roger Dingledine | 31 Aug 07:50
Picon
Favicon

Tor 0.1.2.17 is released

Tor 0.1.2.17 features a new Vidalia version in the Windows and OS X
bundles. Vidalia 0.0.14 makes authentication required for the ControlPort
in the default configuration, which addresses important security risks.
Everybody who uses Vidalia (or another controller) should upgrade.

In addition, this Tor update fixes major load balancing problems with
path selection, which should speed things up a lot once many people
have upgraded.

https://tor.eff.org/download.html

Changes in version 0.1.2.17 - 2007-08-30
  o Major bugfixes (security):
    - We removed support for the old (v0) control protocol. It has been
      deprecated since Tor 0.1.1.1-alpha, and keeping it secure has
      become more of a headache than it's worth.

  o Major bugfixes (load balancing):
    - When choosing nodes for non-guard positions, weight guards
      proportionally less, since they already have enough load. Patch
      from Mike Perry.
    - Raise the "max believable bandwidth" from 1.5MB/s to 10MB/s. This
      will allow fast Tor servers to get more attention.
    - When we're upgrading from an old Tor version, forget our current
      guards and pick new ones according to the new weightings. These
      three load balancing patches could raise effective network capacity
      by a factor of four. Thanks to Mike Perry for measurements.

  o Major bugfixes (stream expiration):
    - Expire not-yet-successful application streams in all cases if
(Continue reading)

Permalink | Reply | 0 comments |

Gmane