commit 868becffad023c32c75e583c25d551c1808581b6 Author: gus gus@torproject.org Date: Mon Aug 31 15:17:31 2020 -0400
Fix links and header newsletter august 2020 --- content/archive/security-news-bug-smash-more-onions/contents.lr | 5 +++-- content/archive/security-news-bug-smash-more-onions/text/contents.lr | 4 ++-- 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/content/archive/security-news-bug-smash-more-onions/contents.lr b/content/archive/security-news-bug-smash-more-onions/contents.lr index 903dbf7..d3beb86 100644 --- a/content/archive/security-news-bug-smash-more-onions/contents.lr +++ b/content/archive/security-news-bug-smash-more-onions/contents.lr @@ -14,7 +14,7 @@ html_body: <tbody> <tr> <td width="100%"> - <table align="center" bgcolor="#ffffff" border="0" cellpadding="0" cellspacing="0" class="devicewidth" width="680"> + <table align="center" bgcolor="#ffffff" border="0" cellpadding="0" cellspacing="0" class="devicewidth" width="650"> <tbody><!-- Spacing --> <tr> <td height="20" width="100%"><a href="https://torproject.org"><img alt="tor-news-logo" src="https://blog.torproject.org/sites/default/files/inline-images/tor-news-logo-560.png" style="width: 250px; height: 75px;" /></a></td> @@ -25,8 +25,9 @@ html_body: <tbody> <tr> <td width="100%"> - <table align="center" bgcolor="#ffffff" border="0" cellpadding="0" cellspacing="0" class="devicewidth" height="4192" width="676"> + <table align="center" bgcolor="#ffffff" border="0" cellpadding="0" cellspacing="0" class="devicewidth" width="650"> <tbody><!-- /Spacing --><!-- Spacing --><!-- /Spacing --><!-- content --> + <tr> <td style="padding:0 15px 15px 15px;"> <p>Hello Tor community,</p> diff --git a/content/archive/security-news-bug-smash-more-onions/text/contents.lr b/content/archive/security-news-bug-smash-more-onions/text/contents.lr index ffc0525..f2d226e 100644 --- a/content/archive/security-news-bug-smash-more-onions/text/contents.lr +++ b/content/archive/security-news-bug-smash-more-onions/text/contents.lr @@ -16,13 +16,13 @@ Hello Tor community,
This month, we decided to write a slightly different newsletter. We want to answer questions you may have regarding news about Tor’s security.
-First, Tor is a secure tool to use. For perspective on how the Tor Project makes decisions about security and development, we’ll start with a tweet from Edward Snowden (twitter.com/snowden/status/1165391734823669761?lang=en): "I wouldn’t expect any system to be totally secure, much less remain secure forever in the face of adversary advances, but that is not the claim. Security is the process of choosing between "less safe" and "more safe’" and continuing to fork towards safety until you reach 'safe enough.'" +First, Tor is a secure tool to use. For perspective on how the Tor Project makes decisions about security and development, we’ll start with a tweet from Edward Snowden (https://twitter.com/snowden/status/1165391734823669761?lang=en): "I wouldn’t expect any system to be totally secure, much less remain secure forever in the face of adversary advances, but that is not the claim. Security is the process of choosing between "less safe" and "more safe’" and continuing to fork towards safety until you reach 'safe enough.'"
Snowden is right. Like all software, Tor development is a process. The Tor daemon, Tor Browser, onion services, pluggable transports, and many other software we develop are just like any other piece of software - they will have bugs. We are always working to make Tor safer for the largest number of users by prioritizing the most impactful changes.
In that spirit, we’d like to talk about two clusters of reports and the action we’ve taken.
-1. You may have heard about a series of bugs in Tor being reported as “0-days.” These bugs aren’t 0-days. Many of them are open in our bug tracker. We have triaged these tickets and determined they are not high priority, and they do not harm our users' anonymity. We explained more about our decision process regarding these bugs, and what comes next, in a tweet (twitter.com/torproject/status/1288955073322602496). +1. You may have heard about a series of bugs in Tor being reported as “0-days.” These bugs aren’t 0-days. Many of them are open in our bug tracker. We have triaged these tickets and determined they are not high priority, and they do not harm our users' anonymity. We explained more about our decision process regarding these bugs, and what comes next, in a tweet (https://twitter.com/torproject/status/1288955073322602496).
2. You may have heard about a group of exit relays running sslstrip attacks on the Tor network in May and June 2020. This attack targeted unencrypted HTTP connections to a small number of cryptocurrency exchange websites, and left other traffic alone. These relays have been monitored and excluded from the Tor network since they’ve joined. You can read the full details about the attack, and the next steps to mitigation, on our blog. (blog.torproject.org/bad-exit-relays-may-june-2020) Monitoring the Tor network continuously is very important in catching these kinds of attacks, and given our limited capacity, you can help by donating (https://donate.torproject.org) to help increase our network monitoring capacity, running your own relay (https://community.torproject.org/relay/), or reporting bad relays (https://community.torproject.org/relay/community-resources/bad-relays/).
tor-commits@lists.torproject.org