Thema: Neue Tor-Version: sicherer und anonymer

[SiLæncer]

Code: [Auswählen]

Tor 0.2.1.30 fixes a variety of less critical bugs. The main other
change is a slight tweak to Tor's TLS handshake that makes relays
and bridges that run this new version reachable from Iran again.
We don't expect this tweak will win the arms race long-term, but it
buys us time until we roll out a better solution.

https://www.torproject.org/download/download

Changes in version 0.2.1.30 - 2011-02-23
  o Major bugfixes:
    - Stop sending a CLOCK_SKEW controller status event whenever
      we fetch directory information from a relay that has a wrong clock.
      Instead, only inform the controller when it's a trusted authority
      that claims our clock is wrong. Bugfix on 0.1.2.6-alpha; fixes
      the rest of bug 1074.
    - Fix a bounds-checking error that could allow an attacker to
      remotely crash a directory authority. Bugfix on 0.2.1.5-alpha.
      Found by "piebeer".
    - If relays set RelayBandwidthBurst but not RelayBandwidthRate,
      Tor would ignore their RelayBandwidthBurst setting,
      potentially using more bandwidth than expected. Bugfix on
      0.2.0.1-alpha. Reported by Paul Wouters. Fixes bug 2470.
    - Ignore and warn if the user mistakenly sets "PublishServerDescriptor
      hidserv" in her torrc. The 'hidserv' argument never controlled
      publication of hidden service descriptors. Bugfix on 0.2.0.1-alpha.

  o Minor features:
    - Adjust our TLS Diffie-Hellman parameters to match those used by
      Apache's mod_ssl.
    - Update to the February 1 2011 Maxmind GeoLite Country database.

  o Minor bugfixes:
    - Check for and reject overly long directory certificates and
      directory tokens before they have a chance to hit any assertions.
      Bugfix on 0.2.1.28. Found by "doorss".
    - Bring the logic that gathers routerinfos and assesses the
      acceptability of circuits into line. This prevents a Tor OP from
      getting locked in a cycle of choosing its local OR as an exit for a
      path (due to a .exit request) and then rejecting the circuit because
      its OR is not listed yet. It also prevents Tor clients from using an
      OR running in the same instance as an exit (due to a .exit request)
      if the OR does not meet the same requirements expected of an OR
      running elsewhere. Fixes bug 1859; bugfix on 0.1.0.1-rc.

  o Packaging changes:
    - Stop shipping the Tor specs files and development proposal documents
      in the tarball. They are now in a separate git repository at
      git://git.torproject.org/torspec.git
    - Do not include Git version tags as though they are SVN tags when
      generating a tarball from inside a repository that has switched
      between branches. Bugfix on 0.2.1.15-rc; fixes bug 2402.

http://www.torproject.org

[SiLæncer]

Da dürfte wohl die neue Tor Version drinne sein ...

http://www.torproject.org

[SiLæncer]

Kein Changelog verfügbar

http://www.torproject.org

[SiLæncer]

Zitat einfügen
Kein Changelog verfügbar

http://www.torproject.org

[SiLæncer]

Advanced Onion Router (formerly Advanced TOR) enables anonymous connections quickly and easily for applications with or without proxy support usually necessary for the TOR network. AdvOR includes a long list of other tools and features for the TOR network including behaving as a server and blocking outgoing connections, ports, and websites.



License: Various Open Source

What's new: >>

2011-04-02 Advanced Onion Router 0.2.0.9

    corrected: AdvOR.dll was checking for the old signature "AdvTor" instead of "AdvOR" when releasing intercepted processes
    corrected: the options to avoid using in same circuit nodes from same subnets and countries are no longer disabled when enabling the option to avoid AS path intersections
    the code was restructured to get rid of all goto's inherited from Tor; some functions were optimized and some memory leaks were corrected
    directory servers running AdvOR no longer accept requests for "/tor/bytes.txt", "/tor/mallinfo.txt" and "/tor/dbg-stability.txt" ; requests for them will result in 404 errors
    new configuation option: Confirmations; currently it is used to configure confirmation dialogs that are shown at exit and when closing non-proxy connections of an intercepted process
    when changing the identity, more information is shown about the new identity when possible
    the option "Circuit timeout when exiting program" was moved from the Circuit Build page to the "Become a Server" page as "Circuit timeout when entering hibernation"; this made room for a new option,
    new configuration option: CircuitBandwidthRate (default is disabled), which is used to configure the minimum required bandwidth rate for circuits
    new option on the Circuit Build page: "Minimum circuit bandwidth rate"; if this option is enabled, all circuits will be built with routers that have the minimum required bandwidth rate
    updated language strings: 123, 2690, 2767, 2768, 2769, 2770, 2771, 2772, 2773, 2774, 2775, 2776

http://sourceforge.net/projects/advtor/

[SiLæncer]

What's new: >>

2011-04-25 Advanced Onion Router 0.2.0.11

- corrected: if an invalid hostname was requested, the connection state was not set (thanks to RoLex for reporting this error)
- the function CreateNewProcess() returns a process handle for the process that was created
- new configuration option: SynchronizeExit which can have QuickStart menu items as parameters, to start applications and to wait for them to terminate, then exit, or to exit when any of the SynchronizeExit applications exits, also terminating all intercepted processes (for situations where AdvOR is only needed for one application)
- added instructions on how to use the Tor Browser bundle from torproject.org with AdvOR and a sample AdvOR.ini to AdvOR\Tor-info\Firefox (readme.txt and AdvOR.ini).
- added instructions on how to use Opera as a portable "Tor Browser" and a sample AdvOR.ini to AdvOR\Tor-info\Opera (readme.txt and AdvOR.ini).

http://sourceforge.net/projects/advtor/

[SiLæncer]

Kein Changelog verfügbar

http://www.torproject.org

[SiLæncer]

Das Tor-Projekt hat bekannt gegeben, die Firefox Erweiterung Torbutton aus Mozillas Add-on-Repositorium zu entfernen. Die Erweiterung sei zu kompliziert und umständlich. Ein Firefox-Fork soll die Nutzung von Tor, einer Lösung, um sich anonym im Web zu bewegen, vereinfachen.

Vor ca. zwei Jahren wurde an den Tor-Entwickler Mike Perry die Idee herangetragen, statt des Torbuttons ein sauberes Firefox-Profil anzubieten, mit dessen Hilfe sich Anwender anonym im Internet bewegen können. Tor, The Onion Routing, nutzt ein dezentralisiertes Netzwerk, um den zurückgelegten Weg von Datenpaketen zu verschleiern. Datenpakete werden verschlüsselt über eine Reihe von Tor-Servern geleitet und erst zugestellt, nachdem sie mehrere Stationen passiert haben. Die Wege der Datenpakete durch das Tor-Netzwerk werden in regelmäßigen Zeitabständen geändert. So wird es für Datensammler schwierig, einem Nutzer die von ihm aufgerufenen Seiten zuzuordnen.

Bisher mussten sich Anwender des Torbuttons merken, für welche Browser-Tabs sie den Tor-Modus aktiviert hatten. Dazu kommt, dass sie oft zusätzliche Software installieren mussten, um Tor einzusetzen, was der Benutzerfreundlichkeit nicht immer förderlich war.

Mit einem eigenen Mozilla-Fork, dem Tor Browser, kann das Tor-Projekt nicht nur bereits für ein Zusammenspiel mit Tor konfigurierte Browser anbieten. Es kann auch schneller für Tor wichtige Fehlerbehebungen und Änderungen einfließen lassen, ohne darauf zu warten, ob und wann Mozilla die Korrekturen berücksichtigt.

Da den Tor-Entwicklern die Kapazitäten fehlen, sich um Torbutton und Browser zu kümmern, wollen sie sich zukünftig auf den Firefox-Fork konzentrieren und Torbutton nur noch erfahrenen Benutzern bereitstellen. Momentan analysieren sie die Probleme, die ihr Plan mit sich bringt, und diskutieren ihr Vorhaben in der Tor-Mailingliste.

Quelle : www.pro-linux.de

[SiLæncer]

What's new: >>

New release of Advanced Onion Router - version 0.2.0.12.

Changes:

    corrected: when an UNICODE language file was loaded, list view subitems for hidden services and plugins were not updated
    corrected: since language files were loaded using read_file_to_str(), language files were opened in text mode and had CRLF (\r\n) converted to LF (\n), which caused multi-line debug messages to be converted to single-line messages
    the restriction for minimum circuit bandwidth rate now uses BandwidthCapacity instead of BandwidthRate (it uses what the router is known to handle instead of what the router reported it can handle)
    the window title will show "Disconnected" when disconnecting from the OR network (suggested by TT)
    new option for circuit context menus on the "Network information" page: "Priority", which is used when deciding which circuits to use for a new client connection when more circuits with different priorities exist; low priority circuits are used only when no higher priority circuits are available
    new option for circuit context menus on the "Network information" page: "Availability" which can be used to change expiration times or to prevent a manually built circuit from expiring (the default expiration time can be changed from the "Circuit build" page)
    new option on the "System" page: "Encrypt all settings using AES"; if this option is enabled, all configuration files are gzipped and encrypted using a password or a key file and saved to AdvOR.dat, original configuration files are deleted; to revert the encryption and to save plain-text configuration files, after a successfull login, the encryption can be disabled from the System dialog
    new functions for plugins: tor_malloc(), tor_free(), safe_malloc(), safe_free() (the "safe" functions attempt to allocate memory that is not cached to the Windows swap file)
    new functions for plugins: write_protected_file(), append_to_protected_file(), read_protected_file(), protected_file_exists(); if encrypting configuration files is enabled, "protected files" are gzipped and encrypted and saved to AdvOR.dat
    an example plugin (C) that uses protected file operations was included in the source code archive - Notes.dll (a simple text editor which saves a text file to AdvOR.dat when encryption is enabled, and "AdvOR--notes.txt" when encryption is disabled)
    an example plugin (asm) that uses AdvTor_HandleRead() was included in the source code archive - ShowURL.dll (a plugin that shows the complete URLs used with HTTP proxy requests)
    new functions for plugins: tor_gzip_compress(), tor_gzip_uncompress(), tor_zlib_new(), tor_zlib_process(), tor_zlib_free(), detect_compression_method()
    the plugin Blacklist.dll can now download and uncompress gzipped blacklists
    updated language strings: 2777, 2778, 2779, 2780, 2781, 2782, 2783, 2784, 2785, 2786, 2787, 2788, 2789, 2790, 2791, 2792, 2793, 2794, 2795, 2796, 2797, 2798

http://sourceforge.net/projects/advtor/

[SiLæncer]

What's new: >>

2011-07-03 Advanced Onion Router 0.3.0.0

- corrected: the parameter "--verify-lng" expected a language name instead of a language file name; now both are accepted (thanks to mamont for reporting this problem)
- corrected: the selection "No exit" was shown as an invalid exit in window title and in the Debug window
- if the option "Always on top" is enabled, popup message boxes are created with the MB_TOPMOST style
- new functions for plugins: lang_get_string(), lang_change_dialog_strings() and a new event for plugins: AdvTor_LanguageChange()
- the Blacklist plugin is updated to version 1.02 with multi-language support; added an example language file Blacklist-English.lng
- when hibernation mode is enabled, all connection requests from all intercepted processes are rejected and logged
- the list with child dialogs was replaced with a tree view
- some options from the "Proxy" page were moved to 2 different new pages: "Banned addresses" and "Advanced proxy settings"
- the lists with banned routers and favorite routers were moved to 2 separate pages
- tracked hosts and address maps were moved to a separate page
- new page: "Private identity" with options related to changes that happen when changing identities
- added an editor for QuickStart menus
- when a process is not allowed to get the real local time, AdvOR.dll also intercepts FindFirstFileW and FindNextFileW to adjust file times
- added support for deleting Flash cookies, history, website personalizations and cache when changing identities
- added support for deleting cookies saved by Internet Explorer, Chrome, Safari, Opera and Firefox when changing identities; cookie deletion procedures attempt to invoke browser API's via remote threads
- geoip_c.h was updated with GeoIPCountryWhois.csv released on June 2nd
- the procedure that downloads bridges from https://bridges.torproject.org was rewritten to work with invalid certificates received from https://bridges.torproject.org
- when disabling http/https proxies from the "Authorities" dialog, proxy addresses are no longer removed from configuration (requested by ktwh)
- corrected: the function tor_malloc() was replaced with GlobalAlloc() which is thread-safe in procedures that convert UTF-8 language strings for GUI items (thanks to mamont for reporting this problem)
- new option on the "Bypass ISP filtering" page: "Allow invalid certification authorities for bridges.torproject.org" (default is disabled for security reasons; downloading the list of bridges fails when this option is disabled if Internet Explorer can't verify the certificate up to a trusted authority - when using WinInet functions for IE 6 on Windows XP SP2/3)
- if the language strings 0 and/or 1248 contain links to torproject.org they are removed because some translations say torproject.org is the official website for AdvOR (complaints were received from torproject.org that some users ask them about AdvTor/AdvOR problems instead of using our forums)
- corrected: buffer overflow in plugin_load_lng() (thanks to mamont for reporting this problem)
- corrected: UNICODE language files were not converted to UTF-8
- the resource file was updated to include the option "Allow invalid certification authorities from certificates for bridges.torproject.org"
- updated language strings: 1, 36, 50, 54, 59, 61, 97, 109, 110, 115, 117, 128, 130, 143, 144, 2677, 2799, 2800, 2801, 2802, 2803, 2804, 2805, 2806, 2807, 2808, 2809, 2810, 2811, 2812, 2813, 2814, 2815, 2816, 2817, 2818, 2819, 2820, 2821, 2822, 2823, 2824, 2825, 2826, 2827, 2828, 2829, 2830, 2831, 2832, 2833, 2834, 2835, 2836, 2837, 2838, 2839, 2840, 2841, 2842, 2843, 2844, 2845, 2846, 2847, 2848, 2849, 2850, 2851, 2852, 2853, 2854, 2855, 2856, 2857, 2858, 2859, 2860, 2861, 2862, 2863, 2864, 2865, 2866, 2867, 2868, 2869, 2870, 2871, 2872, 2873, 2874, 2875
- added mamont's changes to AdvOR-english.lng for special GUI effects (updated language strings: 47, 53, 57, 59, 60, 62, 1248, 2804, 2805, 2817)

http://sourceforge.net/projects/advtor/

[SiLæncer]

Kein Changelog verfügbar

http://www.torproject.org

[SiLæncer]

Kein Changelog verfügbar

http://www.torproject.org

[SiLæncer]

What's new: >>

2011-07-22 Advanced Onion Router 0.3.0.1

- new page: "HTTP headers" with options related to changing HTTP headers and showing HTTP requests and replies with or without full headers (LOG_NOTICE for headers, LOG_INFO for full HTTP traffic, original and adjusted)
- setting a public proxy in a client and intercepting it will cause AdvOR to chain the OR exit with that proxy (to bypass Tor blacklists)
- if proxy chains are detected, all requests for all proxies are rewritten to apply all configured restrictions for each proxy in a chain
- if Opera Turbo traffic is detected in a proxy chain, Opera's unique identifier and the screen resolution that are sent to the Opera Turbo servers are replaced with identity-dependent random values
- added support for keep-alive HTTP connections
- added support for chunked HTTP transfers
- added support for multipart HTTP content types
- added support for identity-dependent fake HTTP headers with custom user-agent, regional settings, fake extensions, fake OS, etc.; can generate fake headers to mask a web browser as Chrome, Firefox, Internet Explorer, Opera, Safari, Bing bot, Googlebot, Yahoo! bot and Yandex bot
- added options to show original and adjusted HTTP headers in Debug (LOG_INFO for full headers, LOG_NOTICE for requests)
- all HTTP cookies that are received during an identity session are cached; the cookie cache is cleared when changing identities; all cookies that are not found in cache are filtered from HTTP requests
- corrected: cookie lines were not always separated by new lines (thanks to Rex for reporting this error)
- all dialogs that display a message show the message in an edit control with a vertical scroll bar (requested by TT)
- when an application sends an HTTP request to a connection that is already attached to a circuit for a different host, HTTP status 302 is returned to cause the application to create a new connection for that request
- corrected: when the option to select a random user-agent using identity seeds is enabled, the browser type "unknown" is no longer selected (AdvOR 0.3.0.1 test 3)
- added probabilities for all languages from all countries to increase chances of national languages being generated more often than languages spoken by minorities
- fake IE extensions are generated using better frequencies taken from more header samples
- the generators for fake HTTP headers for Chrome, Firefox, Opera and Safari were improved with more version pairs using HTTP header samples from http://useragentstring.com
- the header "X-Requested-With" is no longer removed when the option to remove unknown headers is enabled
- new option on the "Private Identity" page: "Disallow cookies used with previous identities"; if this option is enabled AdvOR itself will cache all cookies and expire them when the identity is changed; cookies that are not found in cache are removed from all requests
- when the option to show full request headers is enabled, all HTTP traffic, including POST data, is logged if the log level is greater than "[6] Proxy"
- corrected: some settings from the "HTTP headers" page were not saved to AdvOR.ini (thanks to Rex for reporting this problem) (AdvOR 0.3.0.1 test 5)
- added restrictions for minimum widths and heights for all child dialogs
- added scroll bars for all child dialogs that are resized to dimensions smaller than minimum accepted values (requested by TT)
- the Blacklist plugin was updated to add support for scroll bars
- geoip_c.h was updated with GeoIPCountryWhois.csv released on July 5th
- updated language strings: 2896, 2897, 2898, 2899, 2900, 2901, 2902, 2903, 2904, 2905, 2906, 2907, 2908, 2909, 2910, 2911, 2912, 2913, 2914, 2915, 2916, 2917, 2918, 2919, 2920, 2921, 2922, 2923, 2924, 2925, 2926, 2927, 2928, 2929


http://sourceforge.net/projects/advtor/

[SiLæncer]

Whats new>>

    Update Firefox to 3.6.20
    Update Libevent to 2.0.13-stable
    Update HTTPS-Everywhere to 1.0.0development.5

http://www.torproject.org

[SiLæncer]

What's new: >>

Code: [Auswählen]

2011-08-08 Advanced Onion Router 0.3.0.1e

- corrected: a negative status was assigned to an unsigned variable in proxy_handle_client_data()

2011-08-05 Advanced Onion Router 0.3.0.1d

- corrected: invalid pointer access if headers with different line terminators were received from a client in one request
- corrected: when a web redirect was sent as a response for a request on a connection that was already associated with a different host the client was expected to close the connection causing some clients to wait indefinitely for the remote connection to be closed
- the directory Tor-info was renamed to "Help" and the file tor-manual.html was removed; all text files related to the OR protocol were moved to Help\Tor
- added a help file with explanations for all GUI settings and commands ("Help\AdvOR.html", "Help\Img")
- geoip_c.h was updated with GeoIPCountryWhois.csv released on August 4th

2011-07-30 Advanced Onion Router 0.3.0.1c

- HTTP servers that don't send any information about the length of the message they return for statuses that allow/require an entity to be returned are assumed to close the connection after sending the response (thanks to DeepAnger for reporting this problem)

2011-07-30 Advanced Onion Router 0.3.0.1b

- corrected: when processing server data, a wrong buffer size could had been returned to _connection_write_to_buf_impl()
- corrected: the capitalization for rewritten uTorrent HTTP headers did not match uTorrent's capitalization

2011-07-28 Advanced Onion Router 0.3.0.1a

- corrected the resize_info structure for the main dialog to make more room for child dialogs
- uTorrent is now autodetected and its headers are re-generated as uTorrent headers (thanks to DeepAnger for reporting problems with some private trackers)
- added uTorrent version pairs that are used to generate identity-dependent major browser versions when uTorrent is detected
- added: new browser type on the "HTTP headers" page: "Mask a BitTorrent client as uTorrent" which can be used with BitTorrent clients that are not supported yet
- updated language strings: 2930

http://sourceforge.net/projects/advtor/