[freenet-dev] Freenet 0.7.5 build 1411

2012-09-03 Thread Matthew Toseland
Freenet 0.7.5 build 1411 is now available. Please upgrade, as this is an 
important security fix and will be mandatory on Wednesday.

This build fixes a serious bug posted in the following paper:
http://www.ee.hawaii.edu/~dong/traceback/1569649421.pdf
(“A Traceback Attack on Freenet,” submitted to IEEE INFOCOM 2013, Guanyu Tian 
et al)

In summary the attack would allow for tracing individual Freenet block requests 
back to their originator, often without even having to correlate multiple 
requests, by exploiting some architectural issues related to request UIDs.

Actually this build only 99% fixes it. There are cases where it might still 
work, but further work in the next build will eliminate those cases.

It also removes the old probe code. Sorry for all those who were watching the 
network size graphs; hopefully operhiem1 will be able to replace these. However, 
the old probe code really gave away way more information on the network 
topology than is reasonable; we are safer without it.

It does not include the code on 1411-pre2, sadly. There are many changes under 
development. I will release a new pre- build soon but please use 1411 rather 
than 1411-pre2.