diff options
| author | jschauma <jschauma> | 2006-01-16 16:52:31 +0000 |
|---|---|---|
| committer | jschauma <jschauma> | 2006-01-16 16:52:31 +0000 |
| commit | cc3a3925e3c9ee896e06953f225a31253e942f38 (patch) | |
| tree | b646d9ef4a1d94459fbeba4f51d25d301dddff0b /net | |
| parent | 231c20f05d3301974c0b2cbd98770420a19e646b (diff) | |
| download | pkgsrc-cc3a3925e3c9ee896e06953f225a31253e942f38.tar.gz | |
As suggested by Steven M. Bellovin:
Add a note reminding users to manually set up EntryNodes in order to
prevent an information disclosure vulnerability in this version of tor.
Diffstat (limited to 'net')
| -rw-r--r-- | net/tor/MESSAGE | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/net/tor/MESSAGE b/net/tor/MESSAGE index 0a196f75107..b52d3e2f933 100644 --- a/net/tor/MESSAGE +++ b/net/tor/MESSAGE @@ -1,5 +1,5 @@ =========================================================================== -$NetBSD: MESSAGE,v 1.2 2005/08/04 10:55:31 drochner Exp $ +$NetBSD: MESSAGE,v 1.3 2006/01/16 16:52:31 jschauma Exp $ You probably want to install www/privoxy to torify your browsers. Please see http://tor.eff.org/cvs/tor/doc/tor-doc.html for details. @@ -13,3 +13,19 @@ If you wish to chroot tor, you may find the following URLs helpful: http://wiki.noreply.org/wiki/TheOnionRouter/TorInChroot =========================================================================== + +Security Note: + +If you offer a Tor hidden service, an adversary who can run a fast Tor server +and who knows some basic statistics can find the location of your hidden +service in a matter of minutes to hours. + +See http://archives.seul.org/or/announce/Jan-2006/msg00001.html +for details. + +To prevent this information disclosure, manually configure a half dozen +EntryNodes. + +See http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ChooseEntryExit + +=========================================================================== |