From d1b5097d0a39a20cc811381d87855fa1b9e0ca9c Mon Sep 17 00:00:00 2001
From: jschauma <jschauma@pkgsrc.org>
Date: Mon, 16 Jan 2006 16:52:31 +0000
Subject: As suggested by Steven M. Bellovin: Add a note reminding users to
 manually set up EntryNodes in order to prevent an information disclosure
 vulnerability in this version of tor.

---
 net/tor/MESSAGE | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

(limited to 'net/tor')

diff --git a/net/tor/MESSAGE b/net/tor/MESSAGE
index 0a196f75107..b52d3e2f933 100644
--- a/net/tor/MESSAGE
+++ b/net/tor/MESSAGE
@@ -1,5 +1,5 @@
 ===========================================================================
-$NetBSD: MESSAGE,v 1.2 2005/08/04 10:55:31 drochner Exp $
+$NetBSD: MESSAGE,v 1.3 2006/01/16 16:52:31 jschauma Exp $
 
 You probably want to install www/privoxy to torify your browsers.  Please
 see http://tor.eff.org/cvs/tor/doc/tor-doc.html for details.
@@ -13,3 +13,19 @@ If you wish to chroot tor, you may find the following URLs helpful:
   http://wiki.noreply.org/wiki/TheOnionRouter/TorInChroot
 
 ===========================================================================
+
+Security Note:
+
+If you offer a Tor hidden service, an adversary who can run a fast Tor server
+and who knows some basic statistics can find the location of your hidden
+service in a matter of minutes to hours.
+
+See http://archives.seul.org/or/announce/Jan-2006/msg00001.html
+for details.
+
+To prevent this information disclosure, manually configure a half dozen
+EntryNodes.
+
+See http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ChooseEntryExit
+
+===========================================================================
-- 
cgit v1.2.3