Tor 0.2.7.6 is released
Here comes another stable release!
Tor version 0.2.7.6 fixes a major bug in entry guard selection, as well as a minor bug in hidden service reliability. (For more information on the guard bug, see Roger's preliminary analysis.
You can download the source from the usual place on the website. Packages should be up within a few days.
Changes in version 0.2.7.6 - 2015-12-10
- Major bugfixes (guard selection):
- Actually look at the Guard flag when selecting a new directory guard. When we implemented the directory guard design, we accidentally started treating all relays as if they have the Guard flag during guard selection, leading to weaker anonymity and worse performance. Fixes bug 17772; bugfix on 0.2.4.8-alpha. Discovered by Mohsen Imani.
- Minor features (geoip):
- Update geoip and geoip6 to the December 1 2015 Maxmind GeoLite2 Country database.
- Minor bugfixes (compilation):
- When checking for net/pfvar.h, include netinet/in.h if possible. This fixes transparent proxy detection on OpenBSD. Fixes bug 17551; bugfix on 0.1.2.1-alpha. Patch from "rubiate".
- Fix a compilation warning with Clang 3.6: Do not check the presence of an address which can never be NULL. Fixes bug 17781.
- Minor bugfixes (correctness):
- When displaying an IPv6 exit policy, include the mask bits correctly even when the number is greater than 31. Fixes bug 16056; bugfix on 0.2.4.7-alpha. Patch from "gturner".
- The wrong list was used when looking up expired intro points in a rend service object, causing what we think could be reachability issues for hidden services, and triggering a BUG log. Fixes bug 16702; bugfix on 0.2.7.2-alpha.
- Fix undefined behavior in the tor_cert_checksig function. Fixes bug 17722; bugfix on 0.2.7.2-alpha.
BUPT former president Bin-Xing Fang et al., Published "anonymous communication systems unobservability measure" in the "Computer Research and Development" (PDF), reported that they can observe traffic patterns Tor confuse widget will identify it. In order to avoid deep packet inspection, the researchers developed a protocol obfuscation tool, Tor anonymity network developed transport layer protocols confuse plug-ins include obfsprox (obfsproxy3 and obfsproxy4), meek and fte like. Researchers from Tor official website to download software, transport traffic soon after some research found that confusion Tor plugin vulnerable time analysis attacks. They found that, meek, bridges and HTTPS traffic packets inside the interval basically the same, but the meek packets in 0.5 seconds, has a near significant jitter, because the meek client in order to maintain a long connection with the cloud platform automatically when they are free to send a heartbeat packet, heartbeat packets are randomly between 0.1 seconds to 5 seconds to select a value. They also observed the other two data modes: bridge mode packet size are concentrated in the vicinity of 600B, reasons and Tor packet design related; under meek mode client-service packet size at around 200B, server to client end around 400B.
Please tor developers and other interested parties Bin Xing rogue plug-flow characteristics of the confusion of research !!
translated by https google translate