Tor Users Urged To Update After Security Breach

An anonymous reader writes "If you use Tor, you're cautioned to update now due to a security breach. In a message on the Tor mailing list dated Jan 20, 2010, Tor developer Roger Dingledine outlines the issue and why you should upgrade to Tor 0.2.1.22 or 0.2.2.7-alpha now: 'In early January we discovered that two of the seven directory authorities were compromised (moria1 and gabelmoo), along with metrics.torproject.org, a new server we'd recently set up to serve metrics data and graphs. The three servers have since been reinstalled with service migrated to other servers.' Tor users should visit the download page and update ASAP."

From: Anonymous Coward

Anyone else find it so funny that a news story about anonymity is suggested to slashdot by anonymous coward?

I think it's the best form of joke... one with an epic amount of unexpected expectedness.

Tor weaknesses

[girlintraining]

The problem with Tor is that there's no way to detect compromises -- every node on the network could be compromised and you'd never know. Authors of botnets have greater anonymity than we do -- ironically because it's run by a central authority. An illegal and immoral one, yes, but one that comes with a measure of anonymity. Few botnet authors are actually caught even with the most primitive security methods. They don't even use encryption and they often can't be found...

US Intelligence almost certainly monitors TOR

[presidenteloco]

I mean. That's where I'd go fishing for people trying to communicate secrets,
if I was them.

Now I don't want to spread paranoia, but
did you know that the patent on Onion Routing was filed by the US Department of the Navy?
Look it up.

Remember kiddies. Always use your own encryption layer.