pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/net/tor As suggested by Steven M. Bellovin:



details:   https://anonhg.NetBSD.org/pkgsrc/rev/ea13ded2d8d6
branches:  trunk
changeset: 506469:ea13ded2d8d6
user:      jschauma <jschauma%pkgsrc.org@localhost>
date:      Mon Jan 16 16:52:31 2006 +0000

description:
As suggested by Steven M. Bellovin:
Add a note reminding users to manually set up EntryNodes in order to
prevent an information disclosure vulnerability in this version of tor.

diffstat:

 net/tor/MESSAGE |  18 +++++++++++++++++-
 1 files changed, 17 insertions(+), 1 deletions(-)

diffs (30 lines):

diff -r c7a6afa48a5c -r ea13ded2d8d6 net/tor/MESSAGE
--- a/net/tor/MESSAGE   Mon Jan 16 15:18:06 2006 +0000
+++ b/net/tor/MESSAGE   Mon Jan 16 16:52:31 2006 +0000
@@ -1,5 +1,5 @@
 ===========================================================================
-$NetBSD: MESSAGE,v 1.2 2005/08/04 10:55:31 drochner Exp $
+$NetBSD: MESSAGE,v 1.3 2006/01/16 16:52:31 jschauma Exp $
 
 You probably want to install www/privoxy to torify your browsers.  Please
 see http://tor.eff.org/cvs/tor/doc/tor-doc.html for details.
@@ -13,3 +13,19 @@
   http://wiki.noreply.org/wiki/TheOnionRouter/TorInChroot
 
 ===========================================================================
+
+Security Note:
+
+If you offer a Tor hidden service, an adversary who can run a fast Tor server
+and who knows some basic statistics can find the location of your hidden
+service in a matter of minutes to hours.
+
+See http://archives.seul.org/or/announce/Jan-2006/msg00001.html
+for details.
+
+To prevent this information disclosure, manually configure a half dozen
+EntryNodes.
+
+See http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ChooseEntryExit
+
+===========================================================================



Home | Main Index | Thread Index | Old Index