Tor 0.2.8.8 is released, with important fixes

Tor 0.2.8.8 fixes two crash bugs present in previous versions of the 0.2.8.x series. Relays running 0.2.8.x should upgrade, as should users who select public relays as their bridges.
You can download the source from the Tor website. Packages should be available over the next week or so.
Below is a list of changes since 0.2.8.6.

Changes in version 0.2.8.8 - 2016-09-23

  • Major bugfixes (crash):
    • Fix a complicated crash bug that could affect Tor clients configured to use bridges when replacing a networkstatus consensus in which one of their bridges was mentioned. OpenBSD users saw more crashes here, but all platforms were potentially affected. Fixes bug 20103; bugfix on 0.2.8.2-alpha.
  • Major bugfixes (relay, OOM handler):
    • Fix a timing-dependent assertion failure that could occur when we tried to flush from a circuit after having freed its cells because of an out-of-memory condition. Fixes bug 20203; bugfix on 0.2.8.1-alpha. Thanks to "cypherpunks" for help diagnosing this one.
  • Minor feature (fallback directories):
    • Remove broken fallbacks from the hard-coded fallback directory list. Closes ticket 20190; patch by teor.
  • Minor features (geoip):
    • Update geoip and geoip6 to the September 6 2016 Maxmind GeoLite2 Country database.
Anonymous

October 04, 2016

Okay, all I can find is links to the source code when looking for the win32 binaries.

Where are the win32 binaries of 2.8.8 hiding? Going to the "download" links doesn't help, none of the links I can find. :(

Anonymous

October 04, 2016

(Begging indulgence of moderator; second attempt to comment)

Oppressive governments are likely to maintain lists of all IP addresses under their jurisdiction (e.g. because the servers are located within their borders), and are increasingly likely to follow NSA's example by trying to implant an APT malware in all of them. Similarly, FBI has access to NSA's continuously updated list of IPs which have contacted a Tor Directory Authority (a necessary preliminary for using the Tor network), and come 1 Dec 2016 FBI is likely to attack all these IPs with a malware dropper. And of course NSA has lists of the IPs of all Cisco business-grade routers and appears to regularly attack each of them with a malware dropper which tries to implant an APT.

Sometimes that dropper fails to implant the APT, but when the dropper succeeds, it is "game over" for that device: the APT cannot be removed even with a complete OS reinstall (possibly because it has buried itself in a vulnerable microcontroller for a hard drive or some other essential hardware component which is inaccessible to the OS).

This kind of dragnet or targeted blitz attack with a malware dropper is different from worm/virus infections, in which infected machines try to infect other machines, so that the rate of attack is proportional to the number of already infected machines, because the malware dropper blitz is working from a more or less constant list of IPs, so the rate of dropper attacks is limited only by how many servers the state-sponsored attackers are willing to devote to the scheme. Further, infected machines are not removed from the population (if the APT is implanted, the infection shows no symptoms despite the disastrous consequences). These features mean that a dropper blitz attack is easier to model than a virus/worm attack.

Here is a simple four-state Markov process model of such a "dropper blitz attack" on a fixed list of devices. The states describe the status of a device on the list:

4. not yet attacked by dropper

3. dropper attack in progress

2. dropper attack complete but failed

1. dropper attack complete and APT implanted.

The infinitesimal generator matrix A is a four by four matrix with real entries such that all rows add to zero. The first two rows are zero (since states 1,2 are absorbing), the bottom two rows are

[ p*m, (1-p)*m, -m,  0 ]
[   0,       0,  b, -b ]

where 0 < p < 1 is the probability that a dropper attack succeeds, b > 0 is the time rate at which dropper attacks occur, and m > 0 is the time rate at which dropper attacks are completed once they begin. (Usually m >> b). That is, 1/b is the mean time before being attacked by a dropper and 1/m is the mean time for the attack to complete once it has begun.

Then the transition probabilities are given by the matrix P = exp(t*A) which can be computed explicitly and unmessily because the eigenvalues of A happen to be non-messy:

-b, -m, 0 with multiplicities 1, 1, 2

The conclusions of interest are:

1. the mean time for the attack to complete is 1/b + 1/m (no surprise there),

2. eventually (after a time on the order of some multiple of 1/b+1/m) essentially all the victims have been attacked, and fraction p of the victims have been implanted.

If we had some idea of the values of the characteristic times 1/b, 1/m we could estimate how long we can expect to be unmolested by FBI after 1 Dec 2016. I guess 1/b about a week and 1/m thirty seconds at most, and p might be about 0.95. Using those figures, the model predicts that sometime around Pearl Harbor day, 7 Dec 2016, 95% of Tor users will have been silently enlisted in FBI's secret botnet, and may thereafter be abused to attack still more victims. FBI can do a great deal of damage with a botnet consisting of millions of devices. Brian Krebs might not be worried, but Glenn Greenwald probably should be.

This model is easily generalized to a seven state model of a two stage attack in which every device which resists the first dropper is then attacked with a second dropper. Then the mean time for the entire blitz attack to complete is (1-p1)*(1/m2 + 1/b2) + (1/m1 + 1/b1), where p1 is the probability that the first dropper attack succeeds, b1 is the rate for the first dropper attack, m1 is the rate at which the first dropper completes, b2 is the rate for the second dropper attack, m2 is the rate at which the second dropper completes. At the end, after a time about three times the mean time just mentioned, essentially everyone has been attacked and only a fraction (1-p1)*(1-p2) have survived both dropper attacks.

And so on for three stage attacks.

Nothing stupendously surprising about any of this, but these models may be of interest to anyone teaching a course on Markov processes who needs a simple example of an absorbing Markov process for which everything is easily computed explicitly (which is not very often the case for continuous time Markov processes even for finite state models, because the eigenvalues of A are not often so tractable).

Sometimes that dropper fails to implant the APT, but when the dropper succeeds, it is "game over" for that device:

For those of us who are not IT trained, please tell us what the following terms refer to:

dropper

APT

device

Not IT trained either, but should have defined:

> dropper

A malware component which attempts to implant a persistent backdoor malware

> APT

Advanced Persistent Threat, a type of backdoor malware which cannot be removed even by reinstalling the operating system (for example, some NSA "implants" hide in micro-controller for the disk drive, which cannot be examined by an ordinary OS such as Linux)

> device

For example: a desktop PC, a laptop, a tablet computer, a smart phone, a PDA, an internet capable surveillance camera, or some other electronic device with internet connectivity

There *must* be some books which explain clearly and concisely the basic ideas of Markov processes in continuum time (viz. discrete time), but the best I can come up with for now are

Kleinrock, Queueing Systems, Wiley, 1975.

Readable and engaging. Queueing systems are a special type of Markov process.

Karlin and Taylor, A First Course in Stochastic Processes, Academic Press, 1975.

A graduate textbook, but the relevant sections are not as hard as they may appear.

It helps but is not essential to know something of the corresponding theory for Markov chains in discrete time, for which see

Kemeny and Snell, Finite Markov Chains, Van Nostrand, 1959.

The matrix techniques used in this book should help in understanding A and P = exp(A*t) for Markov processes in continuous time. Also, if you have trouble with a Markov process in continuous time, you can derive a similar Markov chain in discrete time and then the techniques in Kemeny and Snell should help you understand the behavior of this discrete time chain (the "uniformitization" of the original process).

To simulate a Markov process on a computer, it is important to understand that the diagonal components of A (the generator matrix) are negative, but flipping the signs gives the reciprocals of the mean times to remain in each state. Then the "embedded chain" is a discrete time Markov chain which says how to jump to a new state. So if you are in state j, you sample a waiting time from the exponential distribution with mean -1/A_jj, then you use S_(ij), the transition probability matrix of the embedded chain, to choose (nondeterministically) the next state k. Then you sample a waiting time from the exponential distribution with mean -1/A_kk, and so forth.

A book which is not as readable as one would like, but which does at least define the embedded chain and the uniformitization is

Nelson, Stochastic Modeling, Dover, 1995.

A textbook with careful proofs (but no diagrams) which does explain the simulation method noted above more clearly than Nelson is

Stroock, Introduction to Markov Processes, Springer, 2005.

None of these books simply tell the reader clearly and concisely how to get started working with specific Markov processes, which is unfortunate because that is not nearly as hard as the books might make it appear.

[This is the kind of meta-comment which USG may try to censor or delete]

@ moderator: wow, thanks much for posting this comment!

@ Roger: please consider asking your MIT colleague Daniel Stroock, author of a textbook on Markov processes, whether he can suggest a more serious Markov model which can help basic researchers understand some Tor-related problem. Stroock is one of the US mathematicians who have expressed support for a boycott of NSA by AMS (American Mathematical Society), so it seems reasonable to assume he might be willing to help. AFAIK, unlike too many other US STEM faculty, he has no financial ties to our enemies. (TP needs to avoid another Chasteen fiasco, so due caution will be required until NSA is dismantled and The People are safe from USG attack.)

@ Shari: 1 Dec 2016 is fast approaching, and users who are worried about FBI executing a dragnet malware dropper attack on all Tor users need a post before that date from TP offering best advice (which I would anticipate would be: "use Tails or Whonix", but hopefully with more detail). I'd also like to hear what advice if any people like Bruce Schneier, Matthew Green, Micah Lee, etc., have to offer.
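The four-state model above, together with the embedded-chain simulation recipe from the follow-up on Markov process books, as an added worked example that is not the commenter's own code: it builds the generator A, computes P(t) = exp(tA) numerically and checks it against the closed form that the eigenvalues -b, -m, 0 give, and runs the "wait an exponential time, then jump via the embedded chain" simulation. State order and symbols (p, b, m) are the comment's; the time unit (days), the matrix exponential method and the Monte Carlo run count are my assumptions, and the figures in `main()` are the commenter's guesses (1/b = one week, 1/m = thirty seconds, p = 0.95), not measured data. A defender can substitute an assumed attack rate and success probability for any fixed host list and read off how fast the list is exhausted.

```python
"""Added worked example (not the commenter's own code) of the four-state
absorbing Markov process sketched above, plus the embedded-chain simulation
recipe from the follow-up on Markov process books.  A defender can plug in an
assumed attack rate and success probability and read off how fast a fixed
host list is exhausted.  Pure Python, no numpy.  State order follows the
comment: 1 = implanted, 2 = failed, 3 = in progress, 4 = not yet attacked
(Python index = state - 1).  Time unit is days; the figures in main() are
the commenter's guesses, not measured data."""
import math
import random

IMPLANTED, FAILED, IN_PROGRESS, NOT_ATTACKED = 0, 1, 2, 3


def generator(p, b, m):
    """Infinitesimal generator A: rows sum to zero, and the first two rows
    are zero because 'implanted' and 'failed' are absorbing."""
    return [
        [0.0, 0.0, 0.0, 0.0],
        [0.0, 0.0, 0.0, 0.0],
        [p * m, (1.0 - p) * m, -m, 0.0],
        [0.0, 0.0, b, -b],
    ]


def matmul(x, y):
    n = len(x)
    return [[sum(x[i][k] * y[k][j] for k in range(n)) for j in range(n)]
            for i in range(n)]


def expm(a, t, taylor_terms=20):
    """P(t) = exp(t*A) by scaling and squaring: halve t*A until its row norm
    is below 1/16, sum the Taylor series, then square back up."""
    n = len(a)
    ta = [[t * v for v in row] for row in a]
    norm = max(sum(abs(v) for v in row) for row in ta)
    s = max(0, math.ceil(math.log2(norm * 16))) if norm > 0 else 0
    ta = [[v / 2 ** s for v in row] for row in ta]
    result = [[1.0 if i == j else 0.0 for j in range(n)] for i in range(n)]
    term = [row[:] for row in result]
    for k in range(1, taylor_terms + 1):
        term = [[v / k for v in row] for row in matmul(term, ta)]
        result = [[result[i][j] + term[i][j] for j in range(n)] for i in range(n)]
    for _ in range(s):
        result = matmul(result, result)
    return result


def closed_form_row(p, b, m, t):
    """Row of P(t) for a device starting 'not yet attacked', using the
    eigenvalues -b, -m, 0 named in the comment (needs m != b).  Leaving
    'in progress' ends in 'implanted' with probability p whatever the
    timing, so p simply scales the finished fraction."""
    waiting = math.exp(-b * t)
    in_progress = b / (m - b) * (math.exp(-b * t) - math.exp(-m * t))
    finished = 1.0 - waiting - in_progress
    return [p * finished, (1.0 - p) * finished, in_progress, waiting]


def mean_time_to_absorption(b, m):
    """Mean wait before the attack starts (1/b) plus mean attack duration (1/m)."""
    return 1.0 / b + 1.0 / m


def simulate_device(a, rng, start=NOT_ATTACKED):
    """One embedded-chain run: in state j wait an exponential time with mean
    -1/A_jj, then jump to k with probability A_jk / (-A_jj)."""
    state, elapsed = start, 0.0
    while a[state][state] != 0.0:
        elapsed += rng.expovariate(-a[state][state])
        targets = [(k, r) for k, r in enumerate(a[state]) if k != state and r > 0.0]
        u = rng.random() * sum(r for _, r in targets)
        for k, r in targets:
            u -= r
            if u <= 0.0:
                break
        state = k
    return state, elapsed


def monte_carlo(p, b, m, runs=20000, seed=1):
    """Monte Carlo estimate of (mean completion time, fraction implanted)."""
    a, rng = generator(p, b, m), random.Random(seed)
    results = [simulate_device(a, rng) for _ in range(runs)]
    mean_time = sum(t for _, t in results) / runs
    implanted = sum(1 for s, _ in results if s == IMPLANTED) / runs
    return mean_time, implanted


if __name__ == "__main__":
    p, b, m = 0.95, 1.0 / 7.0, 86400.0 / 30.0  # 1/b = 1 week, 1/m = 30 s
    a = generator(p, b, m)
    for days in (6, 21):
        row = expm(a, days)[NOT_ATTACKED]
        print(f"day {days:2d}: attacked {1 - row[NOT_ATTACKED]:.3f}, implanted {row[IMPLANTED]:.3f}")
    print("mean time to completion (days):", mean_time_to_absorption(b, m))
    print("monte carlo (mean time, fraction implanted):", monte_carlo(p, b, m))
```

Running it prints the "not yet attacked" row of P(t) at day 6 and day 21 (three multiples of 1/b), the analytic 1/b + 1/m, and the Monte Carlo figures, which agree with the closed form to sampling error; the fraction implanted at any t is just p times the fraction whose attack has finished, which is the comment's second conclusion. Only `expm` and `simulate_device` are generic: the two-stage seven-state variant described further down can be run through them unchanged by supplying its own generator.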

Anonymous

October 05, 2016

[This is the kind of comment which USG is likely to censor or delete]

How is it possible that TP has no comment whatsoever on the campaign to pardon Snowden?

Can Shari explain why she is not speaking out?

Also pardon Ladar Levison ..

and Bradley Manning. And Assange...

[This is the kind of post which both USG and TP are likely to censor]

> How is it possible that TP has no comment whatsoever on the campaign to pardon Snowden?
>
> Can Shari explain why she is not speaking out?

I think it's a reasonable question:

1. At the urging of both TP (Tor Project) employees and Tor users, Shari has (laudably) reconfigured TP as a human rights organization.

2. HRW (Human Rights Watch), Amnesty International, ACLU (American Civil Liberties Union), and EFF (Electronic Frontier Foundation, where Shari worked for many years) and all other major human rights organizations have come out in favor of pardoning Snowden.

It has not escaped our notice that Shari has also hinted she plans to run major policy decisions by the TP workforce (not a bad idea in itself), leading us to suspect that some senior members who appear to be close to people who may be a little too close to the USG are bitterly opposed to TP coming out in favor of a Snowden pardon.

Reporters at TheRegister, Motherboard, Arstechnica are passing up the opportunity to look into and either confirm or debunk this sensational speculation.

Feel free to offer your own thoughts, if this comment appears.

My own thoughts are these:
a) a partial judgement is not a pardon
b) a pardon means in the official mind 'we do understand but you must be judged (20 years of humiliation & poverty for telling the truth or acting as a human being -in prison- ?)'
c) a pardon means for yourself like an official honorific status so, another life, cleaned of all trial persecution with a good job and even prizes & money ... a star status (a Dreyfus case? ... but he was guilty you know ...).
d) it is a comedy where all charges must be dropped and the truth must triumph & open the eyes of these blind servants ... of a power which is dying slowly but surely.

Anonymous

October 08, 2016

"Tor 0.2.8.8 is released, with IMPORTANT FIXES
Relays running 0.2.8.x SHOULD UPGRADE,"

OK, but why are you allowing 0.2.4.26, 0.2.4.27, 0.2.5.11, 0.2.5.12, 0.2.6.5-rc, 0.2.6.6, 0.2.6.7, 0.2.6.8, 0.2.6.9, 0.2.6.10, 0.2.7.1-alpha, .... ??

Anonymous

October 11, 2016

"Researchers at the KTH Royal Institute of Technology, Stockholm, and Princeton University in the USA have unveiled a new way to attack Tor and deanonymise its users."

"In the short term, the authors of the paper would like to see the Tor project fix a bug that causes Tor to cache DNS entries for 60 seconds regardless of the DNS entry’s TTL (Time To Live).

In the longer term they’re also calling for Tor to implement DNS lookups over TLS (which would encrypt traffic between exit nodes and DNS resolvers), and suggest that defenses against website fingerprinting attacks in general should be “an important long-term goal.”

They also offer the following advice for exit node operators:

… exit relay operators should avoid public resolvers such as Google and OpenDNS. Instead, they should either use the resolvers provided by their ISP, or run their own, particularly if the operator’s ISP already hosts many other exit relays. Local resolvers can further be optimized to minimize information leakage, by (for example) enabling QNAME minimization

Site operators worried about their users’ anonymity can bypass the DNS system entirely, and stay within the Tor network, by running their site as a hidden service."

For the rest of the article, surf to: Unmasking Tor users with DNS (https://nakedsecurity.sophos.com/2016/10/05/unmasking-tor-users-with-dn…)

> "Site operators worried about their users’ anonymity can bypass the DNS system entirely, and stay within the Tor network, by running their site as a hidden service."

I do not understand this, and would love to see an explainer from TP people who do understand it, but regardless:

1. EFF did great work in helping non-tech-savvy website maintainers learn how to implement TLS and obtain free certs,

2. This effort has been very successful, but owing to the ease with which governments (and other determined actors) can obtain and abuse root certs to MITM, https is no longer much help,

3. So TP should reach out to EFF about starting a new drive urging websites (such as major news organizations, human rights groups and other at-risk NGOs, and controversial bloggers such as Brian Krebs, Phil Plait, etc.) to set up onion site mirrors of their websites.

Assuming of course that TP and EFF experts concur that onion sites offer significant protection against bad certs and other problems with https.
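The resolver advice quoted above, as an added example that is not part of the article or of Tor's own documentation: an unbound.conf fragment showing the discouraged shape (forwarding every exit lookup to a public resolver, here Google's 8.8.8.8 as named in the quote) beside the recommended one (recursing from the root hints on the exit host itself, with QNAME minimisation turned on so each upstream server sees only the label it needs). The directive names are Unbound's; the loopback listening address and the hardening options beyond qname-minimisation are my assumptions, not part of the quoted advice.

```conf
# Discouraged per the quoted advice: every lookup made on behalf of exit
# traffic is handed to a third-party public resolver, which then sees the
# full query stream of this exit.  Shown commented out for contrast.
#
# forward-zone:
#     name: "."
#     forward-addr: 8.8.8.8

# Recommended shape: no forward-zone, so Unbound iterates from the root
# hints on this host; qname-minimisation sends only the needed label at
# each step.  (Assumption: Tor on this host is pointed at 127.0.0.1 via
# /etc/resolv.conf or torrc's ServerDNSResolvConfFile.)
server:
    interface: 127.0.0.1
    access-control: 127.0.0.0/8 allow
    qname-minimisation: yes
    # Extra hardening (my additions, not from the quote): validate glue,
    # randomise query-name case, and refresh popular records before expiry.
    harden-glue: yes
    use-caps-for-id: yes
    prefetch: yes
```

Reload Unbound after the change and confirm with a packet capture on the exit's upstream interface that queries now go to authoritative servers for single labels rather than to the public resolver's address.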

Anonymous

October 12, 2016

No doubt it is merely accidental that comments are disabled here:

https://blog.torproject.org/blog/q-and-yawning-angel

Many thanks to Yawning Angel for this urgently needed innovation. Very happy to hear third try is charm!

Too bad it won't be ready before 1 Dec 2016 when FBI is likely to begin attacking all Tor users with their NIT malware (which indeed seems to fall into the class of malware which exploits browser vulnerabilities to "phone home" to spyservers, but probably follows up by trying to implant an APT backdoor giving complete control of a privately owned computer used by someone not even suspected of any crime to the FBI, which would be an unprecedented violation of Constitutional protections [of US citizens; suspected "others" evidently are not regarded as having any human rights whatever by USG]).

According to my understanding, Tails already uses some sandboxing. How will the new TB sandboxing from YA compare?

I wish the blog had recommended that at-risk users consider using Tails, at least until the new sandboxing is available and has been battle tested.

Anonymous

October 13, 2016

@ Tails:

What if no Paypal account and our bank refuses to wire money to a German bank? Is there another way to donate?

Anonymous

October 14, 2016

Don't use 1024-bit prime numbers!

A kilobit hidden SNFS discrete logarithm computation
http://eprint.iacr.org/2016/961

For non-scientists:
http://arstechnica.com/security/2016/10/how-the-nsa-could-put-undetecta…
Technique allows attackers to passively decrypt Diffie-Hellman protected data.
With the current batch of existing 1,024-bit primes already well past their, well, prime, the time has come to retire them to make way for 2,048-bit or even 4,096-bit replacements. Those 1,024-bit primes that can't be verified as truly random should be viewed with special suspicion and banished from accepted standards as soon as possible.

Anonymous

October 14, 2016

It seems that Tor users who wish to avoid being enrolled in FBI's botnet come 1 Dec 2016 need to use Tails. And Tails is seeking donations to fund 2016 operations:

tails.boum.org

But how can US users who have a bank account but who do not use Paypal, Flattr, Bitcoin donate?

(The problem is that Tails uses a bank account in DE, and not all US banks are willing to transfer funds except in dollars, which the DE bank apparently does not accept.)

A few years ago, Freedom of the Press Foundation was forwarding donations to Tails, but the current funding drive announcement does not mention FOTP. It does say the money is handled by Riseup Labs, but doesn't say whether Riseup Networks can forward a donation to Tails.

Anonymous

October 14, 2016

> "Many thanks to Yawning Angel for this urgently needed innovation. Very happy to hear third try is charm!

Too bad it won't be ready before 1 Dec 2016 when FBI is likely to begin attacking all Tor users with their NIT malware"

Do you believe they're not attacking already? Legality means almost nothing to the FBI, or any of the other alphabet agencies in the US. Most other countries' "agencies" as well. They are just hedging their bets in case they're caught out.

Anonymous

October 15, 2016

Text-to-Speech help!

I'm dyslexic and I frequently use TTS for reading long emails or pages with long threads/posts (Like this one).

Last night I finally upgraded to El Capitan (10.11.6). Ever since then, when I use Tor, it reads the ENTIRE webpage (telling me where there are buttons, etc), rather than just the text I select. This renders TTS completely useless in Tor.

Note: TTS works as it should in Firefox and in Safari. (I haven't tested Opera or Chrome, because I don't have them.) It's only in Tor that it seems to have borked since my upgrade. And it did work properly in Mavericks (10.9.5).

The only solution I've found at this point is to install a 'reader' addon, select the text I want TTS to read and then activate TTS. But that's a lot of steps and doesn't always work well. (IE: If I activate the reader for the whole page, TTS still sees and reads the linked buttons for some reason.)

Is there any way to return the native functionality for TTS to Tor in OSX 10.11?

I assume it has something to do with Apple changing how TTS works from a copy/paste to whatever they now use, but I don't know for sure.

I love Tor and use it constantly, but this change is making it difficult to use on my most frequented sites.

Thanks in advance!
X-posted to Stack Exchange