Tor Weekly News — August, 7th 2013
Welcome to the 6th issue of Tor Weekly News, the weekly newsletter that covers what is happening in the resilient Tor community.
Large hidden services provider compromised, attacks older TBB versions
Andrew Lewman wrote: “Around midnight on August 4th we were notified by a few people that a large number of hidden service addresses have disappeared from the Tor network.”
The versions of Firefox used in Pluggable Transport bundles are still vulnerable. Replacements have been built, with credit to David Fifield, but they are yet to be released.
The press is running many stories covering these events, several containing false information. A better example is Kevin Poulsen’s article published in Wired on August, 5th. It did however assert “the malware only targets Firefox 17 ESR, the version of Firefox that forms the basis of the Tor Browser Bundle”, in-fact most recent Tor Browser Bundle releases, with the exception of Pluggable Transports bundles, contained the patched version of Firefox ESR.
Monthly status reports for July 2013
The wave of regular monthly reports from Tor project members for the month of July has begun. Philipp Winter was first this time, followed by reports from Arlo Breault, Nick Mathewson, Noel David Torress Taño, Colin C., Sherief Alaa, Karsten Loesing, Damian Johnson, Mike Perry, George Kadianakis, and Andrew Lewman.
Tails developers issued a call for testing of the first release candidate of the upcoming 0.20 . Send them your reports!
Security researcher Jason Geffner presented a new tool to route all TCP/IP and DNS traffic through the Tor network on Windows called Tortilla during Black Hat USA 2013 and subsequently on the tor-talk mailing list. Binary and source code are available and are awaiting reviews by the community.
Wendell announced the first release of Tor.framework, a “Cocoa framework that allows developers to write apps for Mac OS X and iOS that work over the Tor onion routing network”. No comments have been made yet. Feel free to look at the source code, review and experiment.
Jerzy Łogiewa asked on tor-talk if Tor hidden services could be made to work near the speed of the standard web. Arian Sanusi replied that speed of light was actually the limiting factor for latency issues: “if relays were homogeneous distributed among the globe, two random relays will be 1/4 earth circumference apart on average. […] That’s 400ms from finite speed of light. Switches, routers and relays along the way will add to that.”
This issue of Tor Weekly News has been assembled by dope457, malaparte, Lunar, harmony, and Yawning.
Want to continue reading TWN? Please help us create this newsletter. We still need more volunteers to watch the Tor community and report important news. Please see the project page, write down your name and subscribe to the team mailing-list if you want to get involved!