[Tor-BSD] New: DNS hijacking Old: Re: NYCBUG1 earns a T-shirt!
George Rosamond
george at ceetonetechnology.com
Thu Dec 12 11:54:17 EST 2013
nanotek:
>
> On 13/12/2013 2:52 AM, George Rosamond wrote:
>> Kyle Isom:
>>> On 12/12/13 01:15, nanotek wrote:
>>>> I'm hesitant to upgrade now, though, as the relay is up and running
>>>> without a problem.
>>>>
>>> This is a case where you *really* do want to upgrade. There were several
>>> major things fixed in the latest version; the latest version that was
>>> released last night is largely the same as devel version in the repo.
>>
>> He is actually running the latest Tor in FreeBSD ports... just not
>> tor-devel.
>>
>> But the Tor tarballs are now at 0.2.4.19 for stable and 0.2.5.1 for
>> alpha/devel.
>>
>> Both ports should be updated soon... but OTOH, I do recommend running
>> tor-devel out of FreeBSD ports. It's in alpha/devel that the itches
>> seem to be scratched first, and for years, I've never had an issue
>> running that branch.
>>
>> But quick primer on installing a newer Tor before the FreeBSD ports are
>> updated.
>>
>> 1. Download the "Source Tarball" from the extended downloads list from
>> the Tor www site and dump into /usr/ports/distfiles
>>
>> 2. Edit the appropriate Makefile for the new version on the
>> DISTVERSION= line.
>>
>> 3. from the port directory, run: make makesum
>>
>> 4. Deinstall and reinstall with new version. Seems that when you
>> uninstall it now, the daemon actually stops and needs to be manually
>> restarted after it's been reinstalled.
>>
>> g
>> _______________________________________________
>> A list focused on porting and running Tor software on *BSD Unix
>> Tor-BSD mailing list
>> Tor-BSD at nycbug.org
>> http://www.nycbug.org/mailman/listinfo/tor-bsd
>>
>
> Thanks, George. I appreciate the advice. Out of interest, am I posing a
> security risk to others by running the version I currently am? I don't
> run Tor as a client on my server at all. Only on Win7 where I have the
> latest release; so, I'm assuming I'm as protected as the current version
> of Tor affords. But, I do care about the level of security I'm providing
> my relay users.
>
I don't know of any specific vulnerabilities with that version of Tor,
but as I said offline, the online anonymity arms race verges on being
utterly psychotic and vicious, and keeping with well-reviewed and
updated code is important.
There are times that certain older versions are strongly discouraged,
and with the past summer's botnet issue, older versions of Tor was at-risk.
Obviously, the threat model of this world is a bit more sophisticated
than your normal script-kiddie's downloading binaries.
g
More information about the Tor-BSD
mailing list