Bug#349283: tor: Tor security advisory: hidden services can be located quickly

2006-01-22 Thread Steve Kemp
On Sat, Jan 21, 2006 at 07:17:36PM -0500, Chris Howie wrote:
 Package: tor
 Version: 0.1.0.16-1
 Severity: grave
 Tags: security
 Justification: user security hole

  Tor isn't included in a Debian stable release, so no need for
 a DSA.

Steve
--


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Bug#349283: tor: Tor security advisory: hidden services can be located quickly

2006-01-21 Thread Peter Palfrader
On Sat, 21 Jan 2006, Chris Howie wrote:

 Package: tor
 Version: 0.1.0.16-1
 Severity: grave
 Tags: security
 Justification: user security hole
 
 Source: http://archives.seul.org/or/announce/Jan-2006/msg1.html
 
 Basically an attacker who can run a fast Tor server can find the location of a
 hidden service in a matter of hours, possibly even minutes.  This is fixed in
 0.1.1.12-alpha, but as this is an alpha release it may contain other bugs.

So your options are
 - do not run a hidden service
 - wait for a few weeks or months until 0.1.1.x becomes stable and
   I upload it to sid
 - use 0.1.1.x now (from experimental or my backports archive
   http://wiki.noreply.org/noreply/TheOnionRouter/TorOnDebian)

Also, Tor continues to be as fine as ever for people who don't offer
hidden services, so maybe grave is a bit strong.

Cheers,
Peter





Bug#349283: tor: Tor security advisory: hidden services can be located quickly

2006-01-21 Thread Chris Howie
Peter Palfrader wrote:
 Also, Tor continues to be as fine as ever for people who don't offer
 hidden services, so maybe grave is a bit strong.

Nonetheless it is a serious security hole for people who *do* run hidden
services.  I thought grave might be a bit too high, but serious is specifically
for Debian Policy violations, and important seems a bit too weak.  If there was
something between grave and important (e.g. a security issue with a particular
menu item) I would have picked that.

In the absence of such a severity I stand by my decision of grave.  (Better it
be considered more severe than it is, than to be considered less severe than it
is.)

-- 
Chris Howie
http://www.chrishowie.com
