[e-privacy] New Tor security fix
Marco A. Calamari
marcoc1 at dada.it
Thu Jan 21 14:40:58 CET 2010
FYI
-------- Forwarded Message --------
From: Roger Dingledine <arma at mit.edu>
To: or-announce at torproject.org
Subject: Tor 0.2.1.22 is released (security fix)
Date: Thu, 21 Jan 2010 00:18:58 -0500
Tor 0.2.1.22 rotates two of the seven v3 directory authority keys and
locations, due to a security breach of some of the Torproject servers:
http://archives.seul.org/or/talk/Jan-2010/msg00161.html
It also fixes a privacy problem in bridge directory authorities -- it
would tell you its whole history of bridge descriptors if you make the
right directory request.
Everybody should upgrade:
https://www.torproject.org/easy-download
(Tor Browser Bundle updates coming in the next few days, hopefully.)
Changes in version 0.2.1.22 - 2010-01-19
o Directory authority changes:
- Rotate keys (both v3 identity and relay identity) for moria1
and gabelmoo.
o Major bugfixes:
- Stop bridge directory authorities from answering dbg-stability.txt
directory queries, which would let people fetch a list of all
bridge identities they track. Bugfix on 0.2.1.6-alpha.
--
+--------------- http://www.winstonsmith.info ---------------+
| il Progetto Winston Smith: scolleghiamo il Grande Fratello |
| the Winston Smith Project: unplug the Big Brother |
| Marco A. Calamari marcoc at marcoc.it http://www.marcoc.it |
| DSS/DH: 8F3E 5BAE 906F B416 9242 1C10 8661 24A9 BFCE 822B |
+ PGP RSA: ED84 3839 6C4D 3FFE 389F 209E 3128 5698 ----------+
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part
URL: <http://lists.winstonsmith.org/pipermail/e-privacy/attachments/20100121/61e016cc/attachment.pgp>
More information about the E-privacy
mailing list