[Tor-BSD] New: DNS hijacking Old: Re: NYCBUG1 earns a T-shirt!

George Rosamond george at ceetonetechnology.com
Thu Dec 12 11:54:17 EST 2013

> On 13/12/2013 2:52 AM, George Rosamond wrote:
>> Kyle Isom:
>>> On 12/12/13 01:15, nanotek wrote:
>>>> I'm hesitant to upgrade now, though, as the relay is up and running
>>>> without a problem.
>>> This is a case where you *really* do want to upgrade. There were several
>>> major things fixed in the latest version; the latest version that was
>>> released last night is largely the same as devel version in the repo.
>> He is actually running the latest Tor in FreeBSD ports... just not
>> tor-devel.
>> But the Tor tarballs are now at for stable and for
>> alpha/devel.
>> Both ports should be updated soon... but OTOH, I do recommend running
>> tor-devel out of FreeBSD ports.  It's in alpha/devel that the itches
>> seem to be scratched first, and for years, I've never had an issue
>> running that branch.
>> But quick primer on installing a newer Tor before the FreeBSD ports are
>> updated.
>> 1.  Download the "Source Tarball" from the extended downloads list from
>> the Tor www site and dump into /usr/ports/distfiles
>> 2.  Edit the appropriate Makefile for the new version on the
>> 3.  from the port directory, run: make makesum
>> 4.  Deinstall and reinstall with new version.  Seems that when you
>> uninstall it now, the daemon actually stops and needs to be manually
>> restarted after it's been reinstalled.
>> g
>> _______________________________________________
>> A list focused on porting and running Tor software on *BSD Unix
>> Tor-BSD mailing list
>> Tor-BSD at nycbug.org
>> http://www.nycbug.org/mailman/listinfo/tor-bsd
> Thanks, George. I appreciate the advice. Out of interest, am I posing a
> security risk to others by running the version I currently am? I don't
> run Tor as a client on my server at all. Only on Win7 where I have the
> latest release; so, I'm assuming I'm as protected as the current version
> of Tor affords. But, I do care about the level of security I'm providing
> my relay users.

I don't know of any specific vulnerabilities with that version of Tor,
but as I said offline, the online anonymity arms race verges on being
utterly psychotic and vicious, and keeping with well-reviewed and
updated code is important.

There are times that certain older versions are strongly discouraged,
and with the past summer's botnet issue, older versions of Tor was at-risk.

Obviously, the threat model of this world is a bit more sophisticated
than your normal script-kiddie's downloading binaries.


More information about the Tor-BSD mailing list