Tor 0.2.8.8 is released, with important fixes
Tor 0.2.8.8 fixes two crash bugs present in previous versions of the 0.2.8.x series. Relays running 0.2.8.x should upgrade, as should users who select public relays as their bridges.
You can download the source from the Tor website. Packages should be available over the next week or so.
Below is a list of changes since 0.2.8.6.
Changes in version 0.2.8.8 - 2016-09-23
- Major bugfixes (crash):
- Fix a complicated crash bug that could affect Tor clients configured to use bridges when replacing a networkstatus consensus in which one of their bridges was mentioned. OpenBSD users saw more crashes here, but all platforms were potentially affected. Fixes bug 20103; bugfix on 0.2.8.2-alpha.
- Major bugfixes (relay, OOM handler):
- Fix a timing-dependent assertion failure that could occur when we tried to flush from a circuit after having freed its cells because of an out-of-memory condition. Fixes bug 20203; bugfix on 0.2.8.1-alpha. Thanks to "cypherpunks" for help diagnosing this one.
- Minor feature (fallback directories):
- Remove broken fallbacks from the hard-coded fallback directory list. Closes ticket 20190; patch by teor.
- Minor features (geoip):
- Update geoip and geoip6 to the September 6 2016 Maxmind GeoLite2 Country database.
(Begging indulgence of moderator; second attempt to comment)
Oppressive governments are likely to maintain lists of all IP addresses under their jurisdiction (e.g. because the servers are located within their borders), and are increasingly likely to follow NSA's example by trying to implant APT malware in all of them. Similarly, FBI has access to NSA's continuously updated list of IPs which have contacted a Tor Directory Authority (a necessary preliminary for using the Tor network), and come 1 Dec 2016, FBI is likely to attack all these IPs with a malware dropper. And of course NSA has lists of the IPs of all Cisco business-grade routers and appears to regularly attack each of them with a malware dropper which tries to implant an APT.
Sometimes that dropper fails to implant the APT, but when the dropper succeeds, it is "game over" for that device: the APT cannot be removed even with a complete OS reinstall (possibly because it has buried itself in a vulnerable microcontroller for a hard drive or some other essential hardware component which is inaccessible to the OS).
This kind of dragnet or targeted blitz attack with a malware dropper is different from worm/virus infections. In a worm or virus outbreak, infected machines try to infect other machines, so the rate of attack is proportional to the number of already infected machines; a malware dropper blitz instead works from a more or less constant list of IPs, so the rate of dropper attacks is limited only by how many servers the state-sponsored attackers are willing to devote to the scheme. Further, infected machines are not removed from the population (if the APT is implanted, the infection shows no symptoms despite the disastrous consequences). These features mean that a dropper blitz attack is easier to model than a virus/worm attack.
Here is a simple four-state Markov process model of such a "dropper blitz attack" on a fixed list of devices. The states describe the status of a device on the list:
4. not yet attacked by dropper
3. dropper attack in progress
2. dropper attack complete but failed
1. dropper attack complete and APT implanted.
The infinitesimal generator matrix A is a four by four matrix with real entries such that all rows add to zero. The first two rows are zero (since states 1,2 are absorbing), the bottom two rows are
[ p*m, (1-p)*m, -m, 0 ]
where 0 < p < 1 is the probability that a dropper attack succeeds, b > 0 is the time rate at which dropper attacks occur, and m > 0 is the time rate at which dropper attacks are completed once they begin. (Usually m >> b). That is, 1/b is the mean time before being attacked by a dropper and 1/m is the mean time for the attack to complete once it has begun.
Then the transition probabilities are given by the matrix P = exp(t*A) which can be computed explicitly and unmessily because the eigenvalues of A happen to be non-messy:
-b, -m, 0 with multiplicities 1, 1, 2
The conclusions of interest are:
1. the mean time for the attack to complete is 1/b + 1/m (no surprise there),
2. eventually (after a time on the order of some multiple of 1/b+1/m) essentially all the victims have been attacked, and fraction p of the victims have been implanted.
If we had some idea of the values of the characteristic times 1/b, 1/m we could estimate how long we can expect to be unmolested by FBI after 1 Dec 2016. I guess 1/b about a week and 1/m thirty seconds at most, and p might be about 0.95. Using those figures, the model predicts that sometime around Pearl Harbor day, 7 Dec 2016, 95% of Tor users will have been silently enlisted in FBI's secret botnet, and may thereafter be abused to attack still more victims. FBI can do a great deal of damage with a botnet consisting of millions of devices. Brian Krebs might not be worried, but Glenn Greenwald probably should be.
This model is easily generalized to a seven state model of a two stage attack in which every device which resists the first dropper is then attacked with a second dropper. Then the mean time for the entire blitz attack to complete is (1-p1)*(1/m2 + 1/b2) + (1/m1 + 1/b1), where p1 is the probability that the first dropper attack succeeds, b1 is the rate for the first dropper attack, m1 is the rate at which the first dropper completes, b2 is the rate for the second dropper attack, m2 is the rate at which the second dropper completes. At the end, after a time about three times the mean time just mentioned, essentially everyone has been attacked and only a fraction (1-p1)*(1-p2) have survived both dropper attacks.
And so on for three stage attacks.
Nothing stupendously surprising about any of this, but these models may be of interest to anyone teaching a course on Markov processes who needs a simple example of an absorbing Markov process for which everything is easily computed explicitly (which is not very often the case for continuous time Markov processes even for finite state models, because the eigenvalues of A are not often so tractable).
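As an added worked example (not part of the release notes, and not code from the commenter), the following pure-Python script implements the absorbing Markov model described in the comment above: it builds the generator matrix A, computes P(t) = exp(t*A) by scaling and squaring, and derives the mean time to absorption and the absorbing split by solving (-Q) x = rhs on the transient block. It assumes the row of A for the "not yet attacked" state is [0, 0, b, -b] (the comment defines b as the rate at which attacks begin but prints only the "attack in progress" row), and it orders the states with the transient ones first, so that row appears as [-b, b, 0, 0] and the "attack in progress" row as [0, -m, p*m, (1-p)*m]. The state names, the `generator`/`expm`/`absorption` helpers and the k-stage generalisation are this example's own constructions; the parameter values in `__main__` are the comment's guesses, not measurements.

```python
"""Absorbing continuous-time Markov model of a staged "dropper blitz" attack.

Added worked example (not from the Tor release notes or the commenter).
States for a k-stage attack: waiting_i / attacking_i for each dropper i,
plus the absorbing states 'implanted' and 'survived'.  A device that
resists dropper i moves to waiting_{i+1}, or to 'survived' after the
last stage.  With k = 1 this is the four-state model of the comment
(hypothetical convention: the waiting row is [-b, b, 0, 0]).
"""
import math

IMPLANTED, SURVIVED = "implanted", "survived"


def generator(stages):
    """Return (state names, A) for stages = [(b, m, p), ...].

    b = rate at which the dropper attack begins, m = rate at which it
    completes once begun, p = probability the completed attack implants.
    Every row of A sums to zero; absorbing rows are all zero.
    """
    names = []
    for i in range(len(stages)):
        names += [f"waiting{i + 1}", f"attacking{i + 1}"]
    names += [IMPLANTED, SURVIVED]
    idx = {s: j for j, s in enumerate(names)}
    n = len(names)
    A = [[0.0] * n for _ in range(n)]
    for i, (b, m, p) in enumerate(stages):
        w, a = idx[f"waiting{i + 1}"], idx[f"attacking{i + 1}"]
        nxt = idx[f"waiting{i + 2}"] if i + 1 < len(stages) else idx[SURVIVED]
        A[w][w], A[w][a] = -b, b                      # attack begins at rate b
        A[a][a] = -m                                  # attack completes at rate m
        A[a][idx[IMPLANTED]] = p * m                  # ... and succeeds w.p. p
        A[a][nxt] = (1 - p) * m                       # ... or fails w.p. 1-p
    return names, A


def identity(n):
    return [[1.0 if i == j else 0.0 for j in range(n)] for i in range(n)]


def matmul(X, Y):
    n = len(X)
    return [[sum(X[i][k] * Y[k][j] for k in range(n)) for j in range(n)] for i in range(n)]


def expm(A, t, terms=20):
    """P(t) = exp(t*A) by scaling and squaring with a Taylor series.

    The scaling keeps the max row sum of t*A/2**s at or below 0.5, so the
    truncated series converges fast even when m is huge compared with b.
    """
    n = len(A)
    norm = max(sum(abs(t * x) for x in row) for row in A)
    s = max(0, math.ceil(math.log2(norm))) + 1 if norm > 0 else 0
    B = [[t * x / 2 ** s for x in row] for row in A]
    result, term = identity(n), identity(n)
    for k in range(1, terms + 1):                     # term = B**k / k!
        term = [[x / k for x in row] for row in matmul(term, B)]
        result = [[r + u for r, u in zip(rr, tr)] for rr, tr in zip(result, term)]
    for _ in range(s):
        result = matmul(result, result)
    return result


def solve(M, rhs):
    """Solve M X = rhs (rhs is a list of rows) by Gauss-Jordan elimination."""
    n = len(M)
    aug = [list(M[i]) + list(rhs[i]) for i in range(n)]
    for c in range(n):
        piv = max(range(c, n), key=lambda r: abs(aug[r][c]))
        aug[c], aug[piv] = aug[piv], aug[c]
        aug[c] = [x / aug[c][c] for x in aug[c]]
        for r in range(n):
            if r != c and aug[r][c] != 0.0:
                f = aug[r][c]
                aug[r] = [x - f * y for x, y in zip(aug[r], aug[c])]
    return [row[n:] for row in aug]


def absorption(names, A):
    """Mean time to absorption and absorbing-state probabilities per transient state.

    With Q the transient block and R the transient-to-absorbing block:
    tau = (-Q)^-1 * 1 and B = (-Q)^-1 * R (fundamental-matrix method).
    """
    trans = [i for i, row in enumerate(A) if any(row)]
    absb = [i for i, row in enumerate(A) if not any(row)]
    negQ = [[-A[i][j] for j in trans] for i in trans]
    tau = solve(negQ, [[1.0] for _ in trans])
    B = solve(negQ, [[A[i][j] for j in absb] for i in trans])
    mean_time = {names[i]: tau[k][0] for k, i in enumerate(trans)}
    probs = {names[i]: {names[j]: B[k][l] for l, j in enumerate(absb)}
             for k, i in enumerate(trans)}
    return mean_time, probs


def four_state_closed_form(b, m, p, t):
    """Row of P(t) for 'waiting' in the one-stage model, from eigenvalues -b, -m, 0.

    Returns (still waiting, under attack, implanted, survived).  The m == b
    case is the repeated-eigenvalue edge case, where the hypoexponential
    collapses to an Erlang-2 term b*t*exp(-b*t).
    """
    waiting = math.exp(-b * t)
    if abs(m - b) > 1e-12:
        attacking = b / (m - b) * (math.exp(-b * t) - math.exp(-m * t))
    else:
        attacking = b * t * math.exp(-b * t)
    done = 1.0 - waiting - attacking
    return waiting, attacking, p * done, (1 - p) * done


if __name__ == "__main__":
    # The comment's guessed parameters in units of days: 1/b = 1 week,
    # 1/m = 30 s, p = 0.95 (assumed values, not measurements).
    b, m, p = 1 / 7, 2880.0, 0.95
    names, A = generator([(b, m, p)])
    P = expm(A, 6.0)                                  # 1 Dec -> 7 Dec
    print("row for 'waiting1' after 6 days:",
          dict(zip(names, (round(x, 4) for x in P[names.index("waiting1")]))))
    mean_time, probs = absorption(names, A)
    print("mean time to completion (days):", mean_time["waiting1"], "vs 1/b+1/m =", 1 / b + 1 / m)
    print("final split:", probs["waiting1"])
    # Two-stage variant: every device that resists dropper 1 is hit by dropper 2.
    names2, A2 = generator([(b, m, p), (1 / 3, 2880.0, 0.8)])
    mt2, pr2 = absorption(names2, A2)
    print("two-stage mean time:", mt2["waiting1"], "survive both:", pr2["waiting1"][SURVIVED])
```

Running it with the comment's numbers prints the row of P(6 days) for the "waiting" state, the mean completion time (which equals 1/b + 1/m to rounding), and the limiting split (p implanted, 1-p survived); the two-stage call reproduces the comment's formula (1/m1 + 1/b1) + (1-p1)*(1/m2 + 1/b2) for the mean time and (1-p1)*(1-p2) for the survivors. The eigenvalues -b, -m, 0 are what make `four_state_closed_form` possible; `expm` and `absorption` do not rely on them and work unchanged for any number of stages.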