Freenet 0.7.5 build 1411 is now available. Please upgrade, as this is an important security fix and will be mandatory on Wednesday.
This build fixes a serious bug posted in the following paper: http://www.ee.hawaii.edu/~dong/traceback/1569649421.pdf (“A Traceback Attack on Freenet,” submitted to IEEE INFOCOM 2013, Guanyu Tian et al) In summary the attack would allow for tracing individual Freenet block requests back to their originator, often without even having to correlate multiple requests, by exploiting some architectural issues related to request UIDs. Actually this build only 99% fixes it. There are cases where it might still work, but further work in the next build will eliminate those cases. It also removes the old probe code. Sorry for all those who were watching the network size graphs; hopefully operhiem1 will be able to replace these. However the old probe code really gave away way more information on the network topology than is reasonable, we are safer without it. It does not include the code on 1411-pre2, sadly. There are many changes under development. I will release a new pre- build soon but please use 1411 rather than 1411-pre2.
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:support-requ...@freenetproject.org?subject=unsubscribe
