[TWN team] Recent changes to the wiki pages
Lunar
lunar at torproject.org
Tue Aug 19 11:00:13 UTC 2014
===========================================================================
=== https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews/2014/33 ===
===========================================================================
version 37
Author: harmony
Date: 2014-08-19T10:25:09+00:00
undo conflict
--- version 36
+++ version 37
@@ -56,6 +56,61 @@
[XXX]: https://blog.torproject.org/blog/how-use-%E2%80%9Cmeek%E2%80%9D-pluggable-transport
[XXX]: https://www.torproject.org/dist/torbrowser/
+The Tor network doesn't support addressing relays by name anymore
+-----------------------------------------------------------------
+
+Since the very first versions of Tor [XXX], relay operators have been
+able specify “nicknames” for their relays. Such nicknames were initially
+meant to be unique accross the network, and operators of directory
+authorities would manually “bind” a relay identity key after verifying
+the nickname. The process became formalized with the “Named” flag
+introduced in the 0.1.1 series [XXX], and latter automated with the
+0.2.0 series. If a relay held a unique nickname for long enough, the
+authority would recognize the binding, and subsequently reserve the name
+for half a year.
+
+Nicknames are useful because it appears humans are not very good at
+thinking using long strings of random bits. Initially, they made it
+possible to understand what was happening in the network more easily,
+and to address a specific relay in a shorter way. Having two relays with
+the same nickname in the whole network is not really problematic when
+one is looking at nodes, or a list on Globe [XXX] as relays can always
+be differentiated by their IP addresses or identity keys.
+
+But complications start when nicknames are used to specify a relay and
+not another. If the wrong relay get selected, then it can become a
+security risk. Even if a good amount of efforts [XXX] have been spent
+trying to improve the situation, properly enforcing uniqueness has
+always been problematic and a burden for the few directory authorities
+handling naming.
+
+Back in April, “Heartblead” [XXX] forced many relays to switch to a new
+identity key, thus loosing their “Named” flag. Because this meant that
+anyone addressing relays with nickname would now have a hard time
+continuing to do so, this was seen by Sebastian Hahn as the opportunity
+to get rid of the idea entirely [XXX].
+
+This week, Sebastian wrote [XXX]: “Code review down to 0.2.3.x has shown
+that the naming-related code hasn't changed much at all, and no issues
+were found which would mean a Named-flag free consensus would cause any
+problems. gabelmoo and tor26 have stopped acting as Naming Directory
+Authorities, and — pending any issues — will stay that way.”
+
+This mans that addressing relays by nicknames has now stopped working.
+“If you — in your Tor configuration file — refer to any relay by name
+and not by identity hash, please change that immediately. Future
+versions of Tor will not support using names in the configuration at
+all”, warns Sebastian [XXX].
+
+ [XXX]: https://gitweb.torproject.org/tor.git/blob/161d7d1:/src/config/torrc.in#l20
+ [XXX]: https://gitweb.torproject.org/torspec.git/blob/HEAD:/attic/dir-spec-v2.txt#l427
+ [XXX]: https://globe.torproject.org/#/search/query=Unnamed
+ [XXX]: https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/122-unnamed-flag.txt
+ [XXX]: https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
+ [XXX]: https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/235-kill-named-flag.txt
+ [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-August/007348.html
+ [XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-August/034380.html
+
Miscellaneous news
------------------
@@ -155,8 +210,8 @@
| https://mailman.boum.org/pipermail/tails-project/2014-August/000016.html
-This issue of Tor Weekly News has been assembled by XXX, Matt Pagan, and
-XXX.
+This issue of Tor Weekly News has been assembled by XXX, Matt Pagan,
+Sebastian Hahn and Ximin Luo.
Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
@@ -168,14 +223,13 @@
[XXX]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
}}}
-* Tor-related talks at [https://www.defcon.org/html/defcon-22/dc-22-index.html Def Con 22], August 7–10, 2014 in Las Vegas:
+* (''Not sure how to write this, I wish dcf could provide a short writeup -- Lunar'') Tor-related talks at [https://www.defcon.org/html/defcon-22/dc-22-index.html Def Con 22], August 7–10, 2014 in Las Vegas:
* [https://defcon.org/html/defcon-22/dc-22-speakers.html#Zoz Don’t Fuck It Up] ([http://dropcanvas.com/d85g8 slides], temporary URL) by Zoz. Zoz talked about how to use Tor and other tools to keep safe while practicing civil disobedience.
* [https://defcon.org/html/defcon-22/dc-22-speakers.html#Lackey Masquerade: How a Helpful Man-in-the-Middle Can Help You Evade Monitoring] ([https://www.portalmasq.com/portal-defcon.pdf slides], [http://arstechnica.com/information-technology/2014/08/a-portable-router-that-conceals-your-internet-traffic/ Ars Technica]) by Ryan Lackey, Marc Rogers, and the Grugq. The talk was different than what the title and abstract imply. They discussed a hardware "travel router" running Tor and pluggable transports (see pages 24 ff. of the slides).
* [https://defcon.org/html/defcon-22/dc-22-speakers.html#Vedaa Impostor — Polluting Tor Metadata] by Charlie Vedaa and Mike Larsen. The authors presented simple JavaScript programs designed to cause false positives for Tor-detecting rules in network monitors such as Snort, Bro, and XKeyScore. Their programs are at http://impostor.io/.
* ''I (dcf) didn't see this one, so I can't say anything about it.''\\
[https://defcon.org/html/defcon-22/dc-22-speakers.html#Metacortex Touring the Darkside of the Internet. An Introduction to Tor, Darknets, and Bitcoin] by Metacortex and Grifter.
* Guard nodes and network down events https://lists.torproject.org/pipermail/tor-dev/2014-August/007346.html
-* gabelmoo and tor26 have stopped acting as Naming Directory Authorities https://lists.torproject.org/pipermail/tor-dev/2014-August/007348.html letter for users https://lists.torproject.org/pipermail/tor-talk/2014-August/034380.html ''should be a feature''
* Last round of GSoC reports:
- Revamp GetTor https://lists.torproject.org/pipermail/tor-dev/2014-August/007368.html
- wfpadtools https://lists.torproject.org/pipermail/tor-reports/2014-August/000623.html
@@ -186,3 +240,4 @@
- multicore https://lists.torproject.org/pipermail/tor-dev/2014-August/007389.html
- HTTPS Everywhere https://lists.eff.org/pipermail/https-everywhere/2014-August/002234.html
- PT transport combiner https://lists.torproject.org/pipermail/tor-dev/2014-August/007393.html
+* Aphex Twin Announces New Album SYRO on Tor Hidden Service: http://syro2eznzea2xbpi.onion http://pitchfork.com/news/56341-aphex-twin-announces-new-album-syro-via-the-deep-web/
version 36
Author: harmony
Date: 2014-08-19T10:18:33+00:00
add more misc
--- version 35
+++ version 36
@@ -10,7 +10,7 @@
========================================================================
Welcome to the thirty-third issue of Tor Weekly News in 2014, the weekly
-newsletter that covers what is happening in the XXX Tor community.
+newsletter that covers what is happening in the Tor community.
Tor Browser 3.6.4 and 4.0-alpha-1 are out
-----------------------------------------
@@ -56,78 +56,39 @@
[XXX]: https://blog.torproject.org/blog/how-use-%E2%80%9Cmeek%E2%80%9D-pluggable-transport
[XXX]: https://www.torproject.org/dist/torbrowser/
-The Tor network doesn't support addressing relays by name anymore
------------------------------------------------------------------
-
-Since the very first versions of Tor [XXX], relay operators have been
-able specify “nicknames” for their relays. Such nicknames were initially
-meant to be unique accross the network, and operators of directory
-authorities would manually “bind” a relay identity key after verifying
-the nickname. The process became formalized with the “Named” flag
-introduced in the 0.1.1 series [XXX], and latter automated with the
-0.2.0 series. If a relay held a unique nickname for long enough, the
-authority would recognize the binding, and subsequently reserve the name
-for half a year.
-
-Nicknames are useful because it appears humans are not very good at
-thinking using long strings of random bits. Initially, they made it
-possible to understand what was happening in the network more easily,
-and to address a specific relay in a shorter way. Having two relays with
-the same nickname in the whole network is not really problematic when
-one is looking at nodes, or a list on Globe [XXX] as relays can always
-be differentiated by their IP addresses or identity keys.
-
-But complications start when nicknames are used to specify a relay and
-not another. If the wrong relay get selected, then it can become a
-security risk. Even if a good amount of efforts [XXX] have been spent
-trying to improve the situation, properly enforcing uniqueness has
-always been problematic and a burden for the few directory authorities
-handling naming.
-
-Back in April, “Heartblead” [XXX] forced many relays to switch to a new
-identity key, thus loosing their “Named” flag. Because this meant that
-anyone addressing relays with nickname would now have a hard time
-continuing to do so, this was seen by Sebastian Hahn as the opportunity
-to get rid of the idea entirely [XXX].
-
-This week, Sebastian wrote [XXX]: “Code review down to 0.2.3.x has shown
-that the naming-related code hasn't changed much at all, and no issues
-were found which would mean a Named-flag free consensus would cause any
-problems. gabelmoo and tor26 have stopped acting as Naming Directory
-Authorities, and — pending any issues — will stay that way.”
-
-This mans that addressing relays by nicknames has now stopped working.
-“If you — in your Tor configuration file — refer to any relay by name
-and not by identity hash, please change that immediately. Future
-versions of Tor will not support using names in the configuration at
-all”, warns Sebastian [XXX].
-
- [XXX]: https://gitweb.torproject.org/tor.git/blob/161d7d1:/src/config/torrc.in#l20
- [XXX]: https://gitweb.torproject.org/torspec.git/blob/HEAD:/attic/dir-spec-v2.txt#l427
- [XXX]: https://globe.torproject.org/#/search/query=Unnamed
- [XXX]: https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/122-unnamed-flag.txt
- [XXX]: https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
- [XXX]: https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/235-kill-named-flag.txt
- [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-August/007348.html
- [XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-August/034380.html
-
-Monthly status reports for XXX month 2014
------------------------------------------
-
-The wave of regular monthly reports from Tor project members for the
-month of XXX has begun. XXX released his report first [XXX], followed
-by reports from name 2 [XXX], name 3 [XXX], and name 4 [XXX].
-
- [XXX]:
- [XXX]:
- [XXX]:
- [XXX]:
-
Miscellaneous news
------------------
+meejah announced [XXX] the release of version 0.11.0 of txtorcon, a
+Twisted-based Python controller library for Tor. This release brings
+several API improvements; see meejah’s message for full release notes
+and instructions on how to download it.
+
+ [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-August/007375.html
+
+Nick Mathewson asked for comments [XXX] on Trunnel, “a little tool to
+automatically generate binary encoding and parsing code based on
+C-like structure descriptions” intended to prevent Heartbleed-style
+vulnerabilities from creeping into Tor’s binary-parsing code in C. “My
+open questions are: Is this a good idea? Is it a good idea to use this
+in Tor? Are there any tricky bugs left in the generated code? What am I
+forgetting to think of?”, wrote Nick.
+
+ [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-August/007355.html
+
+Arturo Filastò requested feedback [XXX] on some proposed changes to
+the format of the “test deck” used by ooni-probe, the main project of
+the Open Observatory of Network Interference. “A test deck is basically
+a way of telling it ‘Run this list of OONI tests with these inputs and
+by the way be sure you also set these options properly when doing
+so’…This new format is supposed to overcome some of the limitations of
+the old design and we hope that a major redesign will not be needed in
+the near future”, wrote Arturo.
+
+ [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-August/007353.html
+
Tor’s importance to users who are at risk, for a variety of reasons,
-makes it an attractive target for creators of malware who distribute
+makes it an attractive target for creators of malware, who distribute
fake or modified versions of Tor software for malicious purposes.
Following a recent report of a fake Tor Browser in circulation, Julien
Voisin carried out an investigation of the compromised software, and
@@ -138,13 +99,9 @@
[XXX]: http://dustri.org/b/torbundlebrowserorg.html
[XXX]: https://www.torproject.org/docs/verifying-signatures
-Item 2 with cited source [XXX].
+Arlo Breault submitted a status report for July [XXX].
-Item 3 with cited source [XXX].
-
- [XXX]:
- [XXX]:
- [XXX]:
+ [XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-August/000622.html
Tor help desk roundup
---------------------
@@ -198,8 +155,8 @@
| https://mailman.boum.org/pipermail/tails-project/2014-August/000016.html
-This issue of Tor Weekly News has been assembled by XXX, Matt Pagan,
-Sebastian Hahn and Ximin Luo.
+This issue of Tor Weekly News has been assembled by XXX, Matt Pagan, and
+XXX.
Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
@@ -211,16 +168,14 @@
[XXX]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
}}}
-* (''Not sure how to write this, I wish dcf could provide a short writeup -- Lunar'') Tor-related talks at [https://www.defcon.org/html/defcon-22/dc-22-index.html Def Con 22], August 7–10, 2014 in Las Vegas:
+* Tor-related talks at [https://www.defcon.org/html/defcon-22/dc-22-index.html Def Con 22], August 7–10, 2014 in Las Vegas:
* [https://defcon.org/html/defcon-22/dc-22-speakers.html#Zoz Don’t Fuck It Up] ([http://dropcanvas.com/d85g8 slides], temporary URL) by Zoz. Zoz talked about how to use Tor and other tools to keep safe while practicing civil disobedience.
* [https://defcon.org/html/defcon-22/dc-22-speakers.html#Lackey Masquerade: How a Helpful Man-in-the-Middle Can Help You Evade Monitoring] ([https://www.portalmasq.com/portal-defcon.pdf slides], [http://arstechnica.com/information-technology/2014/08/a-portable-router-that-conceals-your-internet-traffic/ Ars Technica]) by Ryan Lackey, Marc Rogers, and the Grugq. The talk was different than what the title and abstract imply. They discussed a hardware "travel router" running Tor and pluggable transports (see pages 24 ff. of the slides).
* [https://defcon.org/html/defcon-22/dc-22-speakers.html#Vedaa Impostor — Polluting Tor Metadata] by Charlie Vedaa and Mike Larsen. The authors presented simple JavaScript programs designed to cause false positives for Tor-detecting rules in network monitors such as Snort, Bro, and XKeyScore. Their programs are at http://impostor.io/.
* ''I (dcf) didn't see this one, so I can't say anything about it.''\\
[https://defcon.org/html/defcon-22/dc-22-speakers.html#Metacortex Touring the Darkside of the Internet. An Introduction to Tor, Darknets, and Bitcoin] by Metacortex and Grifter.
* Guard nodes and network down events https://lists.torproject.org/pipermail/tor-dev/2014-August/007346.html
-* Feedback on new OONI test deck format https://lists.torproject.org/pipermail/tor-dev/2014-August/007353.html
-* RFC: Trunnel -- a binary parser generator for Tor and more https://lists.torproject.org/pipermail/tor-dev/2014-August/007355.html
-* Arlo's July 2014 https://lists.torproject.org/pipermail/tor-reports/2014-August/000622.html
+* gabelmoo and tor26 have stopped acting as Naming Directory Authorities https://lists.torproject.org/pipermail/tor-dev/2014-August/007348.html letter for users https://lists.torproject.org/pipermail/tor-talk/2014-August/034380.html ''should be a feature''
* Last round of GSoC reports:
- Revamp GetTor https://lists.torproject.org/pipermail/tor-dev/2014-August/007368.html
- wfpadtools https://lists.torproject.org/pipermail/tor-reports/2014-August/000623.html
@@ -231,5 +186,3 @@
- multicore https://lists.torproject.org/pipermail/tor-dev/2014-August/007389.html
- HTTPS Everywhere https://lists.eff.org/pipermail/https-everywhere/2014-August/002234.html
- PT transport combiner https://lists.torproject.org/pipermail/tor-dev/2014-August/007393.html
-* txtorcon 0.11.0 https://lists.torproject.org/pipermail/tor-dev/2014-August/007375.html
-* Aphex Twin Announces New Album SYRO on Tor Hidden Service: http://syro2eznzea2xbpi.onion http://pitchfork.com/news/56341-aphex-twin-announces-new-album-syro-via-the-deep-web/
version 35
Author: lunar
Date: 2014-08-19T10:13:41+00:00
comment
--- version 34
+++ version 35
@@ -211,7 +211,7 @@
[XXX]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
}}}
-* Tor-related talks at [https://www.defcon.org/html/defcon-22/dc-22-index.html Def Con 22], August 7–10, 2014 in Las Vegas:
+* (''Not sure how to write this, I wish dcf could provide a short writeup -- Lunar'') Tor-related talks at [https://www.defcon.org/html/defcon-22/dc-22-index.html Def Con 22], August 7–10, 2014 in Las Vegas:
* [https://defcon.org/html/defcon-22/dc-22-speakers.html#Zoz Don’t Fuck It Up] ([http://dropcanvas.com/d85g8 slides], temporary URL) by Zoz. Zoz talked about how to use Tor and other tools to keep safe while practicing civil disobedience.
* [https://defcon.org/html/defcon-22/dc-22-speakers.html#Lackey Masquerade: How a Helpful Man-in-the-Middle Can Help You Evade Monitoring] ([https://www.portalmasq.com/portal-defcon.pdf slides], [http://arstechnica.com/information-technology/2014/08/a-portable-router-that-conceals-your-internet-traffic/ Ars Technica]) by Ryan Lackey, Marc Rogers, and the Grugq. The talk was different than what the title and abstract imply. They discussed a hardware "travel router" running Tor and pluggable transports (see pages 24 ff. of the slides).
* [https://defcon.org/html/defcon-22/dc-22-speakers.html#Vedaa Impostor — Polluting Tor Metadata] by Charlie Vedaa and Mike Larsen. The authors presented simple JavaScript programs designed to cause false positives for Tor-detecting rules in network monitors such as Snort, Bro, and XKeyScore. Their programs are at http://impostor.io/.
version 34
Author: lunar
Date: 2014-08-19T10:07:52+00:00
fixes and credits
--- version 33
+++ version 34
@@ -69,18 +69,18 @@
authority would recognize the binding, and subsequently reserve the name
for half a year.
-It appears humans are not very good at thinking using long strings of
-random bits. These nicknames initially served two purposes: being
-able to have an easier time understanding what was happening in the
-network, and addressing a specific relay. Having two relays with the
-same nickname in the whole network is not really problematic when one is
-looking at nodes, or a list on Globe [XXX] as relays can always be
-differentiated by their IP addresses or identity keys.
-
-But complications start when nicknames are used to design a specific
-relay and not another. If the wrong relay get selected, then it can
-become a security risk. Even if a good amount of efforts [XXX] have been
-spent trying to improve the situation, properly enforcing uniqueness has
+Nicknames are useful because it appears humans are not very good at
+thinking using long strings of random bits. Initially, they made it
+possible to understand what was happening in the network more easily,
+and to address a specific relay in a shorter way. Having two relays with
+the same nickname in the whole network is not really problematic when
+one is looking at nodes, or a list on Globe [XXX] as relays can always
+be differentiated by their IP addresses or identity keys.
+
+But complications start when nicknames are used to specify a relay and
+not another. If the wrong relay get selected, then it can become a
+security risk. Even if a good amount of efforts [XXX] have been spent
+trying to improve the situation, properly enforcing uniqueness has
always been problematic and a burden for the few directory authorities
handling naming.
@@ -198,8 +198,8 @@
| https://mailman.boum.org/pipermail/tails-project/2014-August/000016.html
-This issue of Tor Weekly News has been assembled by XXX, Matt Pagan, and
-XXX.
+This issue of Tor Weekly News has been assembled by XXX, Matt Pagan,
+Sebastian Hahn and Ximin Luo.
Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
version 33
Author: lunar
Date: 2014-08-19T09:53:41+00:00
now covered
--- version 32
+++ version 33
@@ -218,7 +218,6 @@
* ''I (dcf) didn't see this one, so I can't say anything about it.''\\
[https://defcon.org/html/defcon-22/dc-22-speakers.html#Metacortex Touring the Darkside of the Internet. An Introduction to Tor, Darknets, and Bitcoin] by Metacortex and Grifter.
* Guard nodes and network down events https://lists.torproject.org/pipermail/tor-dev/2014-August/007346.html
-* gabelmoo and tor26 have stopped acting as Naming Directory Authorities https://lists.torproject.org/pipermail/tor-dev/2014-August/007348.html letter for users https://lists.torproject.org/pipermail/tor-talk/2014-August/034380.html ''should be a feature''
* Feedback on new OONI test deck format https://lists.torproject.org/pipermail/tor-dev/2014-August/007353.html
* RFC: Trunnel -- a binary parser generator for Tor and more https://lists.torproject.org/pipermail/tor-dev/2014-August/007355.html
* Arlo's July 2014 https://lists.torproject.org/pipermail/tor-reports/2014-August/000622.html
version 32
Author: lunar
Date: 2014-08-19T09:52:38+00:00
be sympathetic to dirauths
--- version 31
+++ version 32
@@ -81,7 +81,8 @@
relay and not another. If the wrong relay get selected, then it can
become a security risk. Even if a good amount of efforts [XXX] have been
spent trying to improve the situation, properly enforcing uniqueness has
-always been problematic.
+always been problematic and a burden for the few directory authorities
+handling naming.
Back in April, “Heartblead” [XXX] forced many relays to switch to a new
identity key, thus loosing their “Named” flag. Because this meant that
version 31
Author: lunar
Date: 2014-08-19T09:50:21+00:00
write about the end of naming
--- version 30
+++ version 31
@@ -55,6 +55,60 @@
[XXX]: XXX will link when I find out how to reference specific blog comments
[XXX]: https://blog.torproject.org/blog/how-use-%E2%80%9Cmeek%E2%80%9D-pluggable-transport
[XXX]: https://www.torproject.org/dist/torbrowser/
+
+The Tor network doesn't support addressing relays by name anymore
+-----------------------------------------------------------------
+
+Since the very first versions of Tor [XXX], relay operators have been
+able specify “nicknames” for their relays. Such nicknames were initially
+meant to be unique accross the network, and operators of directory
+authorities would manually “bind” a relay identity key after verifying
+the nickname. The process became formalized with the “Named” flag
+introduced in the 0.1.1 series [XXX], and latter automated with the
+0.2.0 series. If a relay held a unique nickname for long enough, the
+authority would recognize the binding, and subsequently reserve the name
+for half a year.
+
+It appears humans are not very good at thinking using long strings of
+random bits. These nicknames initially served two purposes: being
+able to have an easier time understanding what was happening in the
+network, and addressing a specific relay. Having two relays with the
+same nickname in the whole network is not really problematic when one is
+looking at nodes, or a list on Globe [XXX] as relays can always be
+differentiated by their IP addresses or identity keys.
+
+But complications start when nicknames are used to design a specific
+relay and not another. If the wrong relay get selected, then it can
+become a security risk. Even if a good amount of efforts [XXX] have been
+spent trying to improve the situation, properly enforcing uniqueness has
+always been problematic.
+
+Back in April, “Heartblead” [XXX] forced many relays to switch to a new
+identity key, thus loosing their “Named” flag. Because this meant that
+anyone addressing relays with nickname would now have a hard time
+continuing to do so, this was seen by Sebastian Hahn as the opportunity
+to get rid of the idea entirely [XXX].
+
+This week, Sebastian wrote [XXX]: “Code review down to 0.2.3.x has shown
+that the naming-related code hasn't changed much at all, and no issues
+were found which would mean a Named-flag free consensus would cause any
+problems. gabelmoo and tor26 have stopped acting as Naming Directory
+Authorities, and — pending any issues — will stay that way.”
+
+This mans that addressing relays by nicknames has now stopped working.
+“If you — in your Tor configuration file — refer to any relay by name
+and not by identity hash, please change that immediately. Future
+versions of Tor will not support using names in the configuration at
+all”, warns Sebastian [XXX].
+
+ [XXX]: https://gitweb.torproject.org/tor.git/blob/161d7d1:/src/config/torrc.in#l20
+ [XXX]: https://gitweb.torproject.org/torspec.git/blob/HEAD:/attic/dir-spec-v2.txt#l427
+ [XXX]: https://globe.torproject.org/#/search/query=Unnamed
+ [XXX]: https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/122-unnamed-flag.txt
+ [XXX]: https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
+ [XXX]: https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/235-kill-named-flag.txt
+ [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-August/007348.html
+ [XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-August/034380.html
Monthly status reports for XXX month 2014
-----------------------------------------
version 30
Author: dope457
Date: 2014-08-19T09:47:51+00:00
aphex twin
--- version 29
+++ version 30
@@ -178,3 +178,4 @@
- HTTPS Everywhere https://lists.eff.org/pipermail/https-everywhere/2014-August/002234.html
- PT transport combiner https://lists.torproject.org/pipermail/tor-dev/2014-August/007393.html
* txtorcon 0.11.0 https://lists.torproject.org/pipermail/tor-dev/2014-August/007375.html
+* Aphex Twin Announces New Album SYRO on Tor Hidden Service: http://syro2eznzea2xbpi.onion http://pitchfork.com/news/56341-aphex-twin-announces-new-album-syro-via-the-deep-web/
version 29
Author: harmony
Date: 2014-08-19T09:42:29+00:00
add tor malware item to misc
--- version 28
+++ version 29
@@ -71,7 +71,17 @@
Miscellaneous news
------------------
-Item 1 with cited source [XXX].
+Tor’s importance to users who are at risk, for a variety of reasons,
+makes it an attractive target for creators of malware who distribute
+fake or modified versions of Tor software for malicious purposes.
+Following a recent report of a fake Tor Browser in circulation, Julien
+Voisin carried out an investigation of the compromised software, and
+posted a detailed analysis [XXX] of the results. To ensure you are
+protected against this sort of attack, make sure you verify any Tor
+software you download [XXX] before running it!
+
+ [XXX]: http://dustri.org/b/torbundlebrowserorg.html
+ [XXX]: https://www.torproject.org/docs/verifying-signatures
Item 2 with cited source [XXX].
@@ -152,7 +162,6 @@
* [https://defcon.org/html/defcon-22/dc-22-speakers.html#Vedaa Impostor — Polluting Tor Metadata] by Charlie Vedaa and Mike Larsen. The authors presented simple JavaScript programs designed to cause false positives for Tor-detecting rules in network monitors such as Snort, Bro, and XKeyScore. Their programs are at http://impostor.io/.
* ''I (dcf) didn't see this one, so I can't say anything about it.''\\
[https://defcon.org/html/defcon-22/dc-22-speakers.html#Metacortex Touring the Darkside of the Internet. An Introduction to Tor, Darknets, and Bitcoin] by Metacortex and Grifter.
-* What's in a fake Tor Browser http://dustri.org/b/torbundlebrowserorg.html
* Guard nodes and network down events https://lists.torproject.org/pipermail/tor-dev/2014-August/007346.html
* gabelmoo and tor26 have stopped acting as Naming Directory Authorities https://lists.torproject.org/pipermail/tor-dev/2014-August/007348.html letter for users https://lists.torproject.org/pipermail/tor-talk/2014-August/034380.html ''should be a feature''
* Feedback on new OONI test deck format https://lists.torproject.org/pipermail/tor-dev/2014-August/007353.html
--
Your friendly TWN monitoring script
In case of malfunction, please reach out for lunar at torproject.org
or for the worst cases, tell weasel at torproject.org to kill me.
More information about the news-team
mailing list