Anonymous Servers - Latest Tor Bug Fixes

This is Interesting: Free IT Magazines  
Home > Archive > Anonymous Servers > December 2006 > Latest Tor Bug Fixes





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Latest Tor Bug Fixes
traveler 66

2006-12-17, 7:15 pm

Tor 0.1.1.26 fixes a serious privacy bug for people who use the
HttpProxyAuthenticator config option: Tor would send your proxy auth
directly to the directory server when you're tunnelling directory
requests through Tor. Specifically, this happens when publishing or
accessing hidden services, or when you have set FascistFirewall or
ReachableAddresses and you're accessing a directory server that's not
reachable directly.

The OS X stable bundles now also feature a new Vidalia version (0.0.9)
and a new Privoxy version (3.0.6).

http://tor.eff.org/download.html

If you use HttpProxyAuthenticator, we recommend you switch to 0.1.1.26
or stop using it for now. The upcoming 0.1.2.5-alpha (not yet finished)
will have this bugfix too. For people running 0.1.0.x who absolutely
cannot upgrade, here's your patch:
http://archives.seul.org/or/cvs/Dec-2006/msg00098.html

Changes in version 0.1.1.26 - 2006-12-14
o Security bugfixes:
- Stop sending the HttpProxyAuthenticator string to directory
servers when directory connections are tunnelled through Tor.
- Clients no longer store bandwidth history in the state file.
- Do not log introduction points for hidden services if SafeLogging
is set.

o Minor bugfixes:
- Fix an assert failure when a directory authority sets
AuthDirRejectUnlisted and then receives a descriptor from an
unlisted router (reported by seeess).

Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com