New Tor 0.2.4.17-rc packages

by erinn | September 06, 2013

There's a new Tor 0.2.4.17-rc to hopefully help mitigate some of the problems with the botnet issues Tor is experiencing. All packages, including the beta Tor Browser Bundles, have been updated. Relay operators are strongly encouraged to upgrade to the latest versions, since it mostly has server-side improvements in it, but users will hopefully benefit from upgrading too. Please try it out and let us know.

https://www.torproject.org/projects/torbrowser.html.en#downloads

Tor Browser Bundle (2.4.17-beta-1)

  • Update Tor to 0.2.4.17-rc
  • Update NoScript to 2.6.7.1
  • Update HTTPS Everywhere to 4.0development.11
Tags
tor
tor browser bundle
updates
tbb

That is the same error I got on 98SE. Unless we can analyze and compile source code ourselves, it appears that we are stuck with 0.2.3.25. I'm suspecting the problem lies with the version of msvcrt.dll that Tor expects to find but don't have the skills to confirm it.

Anonymous

Anonymous (not verified) said:

September 13, 2013

Permalink

The new Tor 0.2.4.17-rc package is terrible, the connection is "interrupted" most of the time, so it's not accessing any websites, even the check.torproject.org. Swritched back to the older one and it's doing great.

Anonymous

Anonymous (not verified) said:

September 14, 2013

Permalink

"The future (TBB 3.x) has no more Vidalia"

um may that's the funny running gag in the "Tor crypto broken or not" discussion?
Stooges don't need the hard decipher way on new TBB(3.x) WITHOUT Vidalia.
Tor will prefer circuits on totally fullcontrolled networks in FiveEye countrys,or loops like SW-US-SW. Ordinary timing+correlation attacks?
ie you live in the US,get circuits like US-US-GB and you think they need sophisticated decipher-hardware to broke that?
You can say: Tor would not do that. Really?
Without Vidalia you notice nothing)-: i have test it(-:
That's a way users will be really fucked)-: cause the most use it
out-of-box.
Old discussion. Make cryptosoft(bundles) useable in a way it's simple for all AND full DEVELOPED at the same time.

> Do [hard thing A] and [hard thing B] at the same time.

Yes. Great idea in theory.

But yelling at us to do more than we can do, while not stepping up to help us do it, is unlikely to solve your troubles.

Anonymous

Anonymous (not verified) said:

September 14, 2013

Permalink

2.4.17-beta is much more slower than the stable version. What is the cause of it? Can I do something about it?

Anonymous

Anonymous (not verified) said:

September 14, 2013

Permalink

Day nine and not much is happening in user deployment:

"Circuit handshake stats since last time: 322414/322416 TAP, 437/437 NTor."

Silly figures. Relay uptake is also slow. Only about 1000 of the 4000 is running 0.2.4 (729 using 0.2.4.17-rc).

The HTTPS Everywhere bug is fixed people! Please upgrade.

In theory you don't need to see that many NTor circuits -- normal Tor users don't chew through circuits at the rate that the botnet clients seem to.

As for the number of relays that have upgraded, you should look at capacity not number. See also:
https://lists.torproject.org/pipermail/tor-relays/2013-September/002750…

I'm happy to see that the bug in the HTTPS-Everywhere dev version has been fixed. We should put out a new version sometime I agree.

Anonymous

Anonymous (not verified) said:

September 16, 2013

Permalink

I still do not understand why I am able to always reach the tor exit nodes and they are super fast, yet I can not reach hidden sites most of the time and they are very slow. How are they (not) targetting HS?

Someone please explain in non theoretical terms for me. A scientific explaination is preferred.

Anonymous

Anonymous (not verified) said:

September 16, 2013

Permalink

Is a 0.2.4.17-rc package available for Debian Lenny? I am running a middle relay with 0.2.3.25, and since the botnet action started last month, it repeatedly creeps up past 500 MB of RAM, causing the Linux-VServer VM on which it runs to reboot three to four times daily.

Anonymous

Anonymous (not verified) said:

September 17, 2013

Permalink

I can hardly follow the technical talk here. I started using Tor late August b/c I am constantly hacked on Facebook, Yahoo, Hotmail, and apparently Gmail and LinkedIn too (still investigating). Why, you might ask, do I gather so much attention? I am a USA activist against gov't child confiscation (CPS). I use my real name in my work, but tired of my work being constantly attacked. So am I using Tor appropriately?

I want to upgrade but would like to see more stability via comments here. And, since I do not understand much of the technical talk here, I'd like to have a plan should my system not boot. What is the worst I can expect? What would I do if that happens?

Also- fellow activists who also began using Tor recently (late August) have experienced their Facebook accounts closed when using Tor. These activists are using Tor to access the net in much the same way as I am, using their true identities, but constantly hacked by those who wish to oppress us, thus attempting to work with Tor and avoid the calamity our haters create. Is there any information on this issue? I cannot easily reproduce my international base of activist friends, thus I am left without this valuable tool until I know more.

I would be interested in assisting creation of "Tor For Dummies" or "Q&A for Tor" since those available are still too technical for my use. I cannot, however, devote much time without compensation (my apologies) b/c we activists are stretched to the limit on resources as well.

Anonymous

Anonymous (not verified) said:

September 17, 2013

Permalink

Firefox 17.0.9 is out

Fixed in Firefox ESR 17.0.9

MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
MFSA 2013-90 Memory corruption involving scrolling
MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
MFSA 2013-65 Buffer underflow when generating CRMF requests.

https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html

Anonymous

Anonymous (not verified) said:

September 19, 2013

Permalink

Well done on fixing the issues.
Was forced to close down Vidalia Exit Bundle running Exit, Dir and HS Servers for the first time in 5 years due to Torcc unable to control Up Bandwidth, CPU and RAM usage in the older versions making my system inoperable. Nearly broke my heart but all seems well now.
Does seem as if the Bot is targeting HS, Before the Dir is advertised as HS Server the Circuit builds are in the region of +-50. Once HS kicks in it increases to +-700

Anonymous

Anonymous (not verified) said:

September 19, 2013

Permalink

This bundle is broken as shit super slow, I have noticed looking around there are about 5 places on this site to download things, so many even the devs are getting confused when linking new version how about cleaning up the site and getting one down load page will everything there.

Anonymous

Anonymous (not verified) said:

September 19, 2013

Permalink

I heard the project was under attack and exit node were under huge stress so I decided to help out, first i had the stable bundle, then i saw this post, this bundle has something really wrong, im seeing tons of routers about 4.5k and then it drops to 600, then back up to 4.5,it has repeated this over and over for many hours , I never noticed that on the stable bundle