Tor security advisory: Old Tor Browser Bundles vulnerable
This vulnerability was fixed in Firefox 17.0.7 ESR. The following versions of the Tor Browser Bundle include this fixed version:
- 2.3.25-10 (released June 26 2013)
- 2.4.15-alpha-1 (released June 26 2013)
- 2.4.15-beta-1 (released July 8 2013)
- 3.0alpha2 (released June 30 2013)
Tor Browser Bundle users should ensure they're running a recent enough bundle version, and consider taking further security precautions.
Read the full advisory here:
apparently windows gives zero day exploits to the nsa before they even patch the systems.
If you ran NSA, GCHQ, Mossad, where is the first place you'd put a covert agent? MSFT, right? Ever wonder why they keep finding all those vulnerabilities that require update after update? Many of their employees work for intelligence agencies from all over the world. The Russians put something in, we take it out and put something else in, the U.K. agent finds it and takes it out and puts something else in. With apologies to Disney, "the circle of surveillance continues." It always will with software that does not have source code openly available.
"It always will with software that does not have source code openly available."
Gene Spafford, from circa 2000-2002:
"the nature of whether code is produced in an open or proprietary manner is largely orthogonal to whether the code (and encompassing system) should be highly trusted."
"From this standpoint, few current offerings, whether open or proprietary, are really trustworthy, and this includes both Windows and Linux, the two systems that consistently have the most security vulnerabilities and release the most security-critical patches."
How many people, who actually possess the requisite expertise, actually examine ALL of the code?