[TWN team] Recent changes to the wiki pages

Lunar lunar at torproject.org
Mon Jan 27 16:40:04 UTC 2014 

===========================================================================
==== https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews/2014/4 ====
===========================================================================

version 18
Author: lunar
Date:   2014-01-27T16:08:50+00:00

   write about Rob's blog post

--- version 17
+++ version 18
@@ -12,14 +12,35 @@
 Welcome to the fourth issue in 2014 of Tor Weekly News,, the weekly 
 newsletter that covers what is happening in the XXX Tor community.
 
-New Release of XXX
-------------------
+New Tor denial of service attacks and defenses
+----------------------------------------------
 
-XXX: cite specific release date, numbers, and developers responsible
+Rob Jansen, Florian Tschorsch, Aaron Johnson, and Björn Scheuermann have
+been working on a new paper [XXX] entitled “The Sniper Attack:
+Anonymously Deanonymizing and Disabling the Tor Network”. As research
+paper are sometimes hard to fully understand, Rob Jansen has published
+a new blog post [XXX] giving an overview of the attacks, the
+defenses what has been modified in Tor so far and what open questions
+remain.
 
-XXX: details about release
+“We found a new vulnerability in the design of Tor's flow control
+algorithm that can be exploited to remotely crash Tor relays. The attack
+is an extremely low resource attack in which an adversary's bandwidth
+may be traded for a target relay's memory (RAM) at an amplification rate
+of one to two orders of magnitude” explains Rob.
 
- [XXX]
+The authors have been working with Tor developers on integrating
+defenses before publishing: “Due to our devastating findings, we also
+designed three defenses that mitigate our attacks, one of which provably
+renders the attack ineffective. Defenses have been implemented and
+deployed into the Tor software to ensure that the Tor network is no
+longer vulnerable as of Tor version 0.2.4.18-rc and later.”
+
+Be sure to read the blog post and the paper in full if you want to know
+more.
+
+ [XXX] https://www-users.cs.umn.edu/~jansen/publications/sniper-ndss2014.pdf
+ [XXX] https://blog.torproject.org/blog/new-tor-denial-service-attacks-and-defenses
 
 Miscellaneous news
 ------------------
@@ -77,8 +98,6 @@
  * @outlook.com is now supported to request bridges and bundles via email https://trac.torproject.org/projects/tor/ticket/6591#comment:4
  * http://www.businessweek.com/articles/2014-01-23/tor-anonymity-software-vs-dot-the-national-security-agency (let's recognize a good press article for once?) - reaction to some speculations https://trac.torproject.org/projects/tor/wiki/doc/HowBigIsTheDarkWeb
  * terminology https://lists.torproject.org/pipermail/tor-talk/2014-January/031863.html
- * https://blog.torproject.org/blog/new-tor-denial-service-attacks-and-defenses
-
  * stats on Weather https://trac.torproject.org/projects/tor/ticket/10699#comment:3
 
 To mention when TBB 3.5.1 will be officially out:



-- 
Your friendly TWN monitoring script

      In case of malfunction, please reach out for lunar at torproject.org
          or for the worst cases, tell weasel at torproject.org to kill me.

More information about the news-team mailing list