Silk Road forums

Discussion => Security => Topic started by: samuelkane on April 25, 2013, 03:32 pm

Title: Using an out of date TOR bundle
Post by: samuelkane on April 25, 2013, 03:32 pm

I had not updated my TOR bundle in a while, i got lazy, but with all the DDOS fuzz and after reading the attacker was probably using a TOR exploit, i decided to update.
Now i'm wondering what risks are involved in using an out of date TOR bundle??

grts,

sam

Title: Re: Using an out of date TOR bundle
Post by: astor on April 25, 2013, 03:39 pm

This is a good reason to read the official Tor Blog: https://blog.torproject.org

They make a new post for every TBB release to let you know what has changed. Sometimes they simply update the software to new versions (Tor, Vidalia, Firefox, Torbutton, Noscript, HTTPS Everywhere), but other times they fix critical security bugs. For example, about a year ago it was discovered that web sockets would bypass the TorBrowser proxy settings and connect over clearnet:

https://blog.torproject.org/blog/firefox-security-bug-proxy-bypass-current-tbbs

So the vulnerabilities you are exposed to depend on the version you are running. It may be nothing or it may be something significant. However, you should make it a habit to always run the latest TBB version.