Hi, I like this and think it should be published soon. My 2cents of comments on some minor typos and suggestions/questions inline. (I you put it into Git somewhere I can also send a patch :) )
Jurre van Bergen: > On Wednesday, July 30th, the Tor project released a security advisory[1] > with details about a so called deanonymization attack. Tails has Tor at > it's heart, your traffic goes over Tor when you but not limited to, This sentence is a bit mangled. Maybe ".. at it's hearts. For example, you traffic goes over the Tor network when you browse a website or send an email. > browse a website or trying to e-mail a peer. Because of this I wanted to s/I/we/ ? > give an overview of how Tails might be affected by this attack. > > Scope and severity > =========== > > The attack is targeted at people who visit Tor hidden services and > expose the ip-adress of the user. An attacker could run a number of Tor s/ip-adress/IP address/ > relays to modify traffic and learn the identity that way. It's not clear > at this point in time how much attackers have learned and what they have > learned. The attackers likely couldn't see full-application traffic like > which websites were visited. > > There is a possibility that attackers have learned the ip-address of s/attackers/the attackers/ and s/ip-address/IP addresses/ > Tails users who visited Tor hidden services between January 30 and July > 4, when the bad relays have been taken out of the Tor network, should > assume affected. To make a proper sentence, cut the ", should assume affected" and finish the sentence instead with a "." ? > > We recommend you read the full advisory[2] by Tor for the technical s/by Tor/by the Tor Project/ > story behind the attack. > > Temporary countermeasure > ================ > > Tor has provided an updated version, we recommend you to upgrade to the s/Tor/the Tor Project > latest version of Tor and this is how you do it: > > 1: Set up an administrative password[3] > 2: Connect to the internet > 3: Run the following in a "root terminal": apt-get update && apt-get > install tor > > You know run the latest version of Tor which mitigates this vulnerability. s/know/now > > [1] > https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack > [2] > https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack > [3] > https://tails.boum.org/doc/first_steps/startup_options/administration_password/index.en.html Best, sycamoreone _______________________________________________ Tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to [email protected].
