critical security vulnaribility fixed in Tor 0.1.2.16
Freemor
freemor at yahoo.ca
Sat Aug 4 21:19:40 UTC 2007
Did this end up biting TOR in the ass, or is this a Proactive move? I am
just curious as I mentioned this very problem (or something extremely
close to it) back in August last year (see:
http://archives.seul.org/or/talk/Aug-2006/msg00187.html )
So I'm just wondering it if finally made it to the top of what I am sure
is a long To-do list that the DEV's have, or was it actually exploited.
I completely understand the need not to release further details until
people upgrade but I am looking forward (once things are safe) to
hearing how and by whom this was exploited if it was.
In either case (exploited/not exploited), Kudos to the Dev's for fixing
it quickly and getting the word out.
This has left me wondering one thing tho.. My tor was updated
auto-magically as I used a Debian based distro and have the official TOR
repository in my apt list. So my question is, is there, or could there
be some similar form of auto-updating for persons using the windows
version of TOR? If not maybe Vadalia could be made to check for TOR
updates and pop up notices to the users? ... just a thought. Sadly my
coding skills are decades out of date or I'd offer to help.
Freemor <freemor at yahoo.ca>
Freemor <freemor at rogers.com>
This e-mail has been digitally signed with GnuPG
See: http://gnupg.org/ for more details
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20070804/fc710eee/attachment.pgp>
More information about the tor-talk
mailing list