Whonix / _: Recent posts

Unmaintained Notice! – Whonix inside KVM – Looking for contributor!

Since previous Whonix in KVM maintainer HulaHoop was last active on January 04, 2015, it's safe to assume this person got lost. No idea why HulaHoop went inactive. There was no notice of departure, argument or whatsoever. I would like to thank HulaHoop for its work on support for running Whonix inside KVM. As of Whonix 9, the status was "testers-only" and would likely have changed to "stable" in Whonix 10. So most integration work is already done. A new contributor would be welcome to take over from there.... read more

Posted by SourceForge Robot 3 days ago

Bug: Tor Browser Alpha rather than Tor Browser Stable being installed by Tor Browser Updater (AnonDist)

The version file format was changed, and there is no stable version version format.

If you want to use the stable version of Tor Browser, you have to use these instructions in meanwhile:
https://www.whonix.org/wiki/Manually_Updating_Tor_Browser... read more

Posted by SourceForge Robot 2015-02-05

Abstain from using Stream Isolation SocksPort 9152

Easy / TLDR:
Using stream isolation (https://www.whonix.org/wiki/Stream_Isolation) with custom ports? With port 9152?
Don't do this anymore in Whonix 10 and above! Use any higher port numbers as per stream isolation documentation!

Long:

Reasons:
Tor Messenger will use that port in future. (https://phabricator.whonix.org/T107)
Enabling IsolateDestAddr and IsolateDestPort for it (https://trac.torproject.org/projects/tor/ticket/14382) might be recommended.... read more

Posted by SourceForge Robot 2015-01-26

Whonix Signing Key Expired (KEYEXPIRED Error)

Posted by SourceForge Robot 2015-01-18

Tor Browser’s Internal Updater – Security Warning

Until further notice, it is recommended against using Tor Browser's Internal Updater for security reasons. More information and how to securely update is documented in the wiki, see: https://www.whonix.org/wiki/Tor_Browser#Updating User support discussion: https://www.whonix.org/forum/index.php/topic,810 Forum development discussion: https://www.whonix.org/forum/index.php/topic,807

The post Tor Browser's Internal Updater - Security Warning appeared first on Whonix.
link

Posted by SourceForge Robot 2014-12-07

Whonix 9.4 Maintenance Release

Existing users can upgrade the usual way using apt-get, see also: https://www.whonix.org/wiki/Security_Guide#Updates

Read more ›

The post Whonix 9.4 Maintenance Release appeared first on Whonix.
link

Posted by SourceForge Robot 2014-11-17

hidden service for whonix.org taken offline

Fortasse (whonix.org webmaster) and I agreed to take down the hidden service for whonix.org http://xxxxxxxxxxh5kyrx.onion. (If you're wondering, why we provided a hidden service, but didn't use it for location privacy, see: https://www.whonix.org/wiki/Forcing_.onion_on_Whonix.org\) The reason for this unfortunate change is, that…

Read more ›... read more

Posted by SourceForge Robot 2014-11-09

Whonix 9.3 Maintenance Release

Download:
https://www.whonix.org/wiki/Download

Upgrading:
Existing users can upgrade the usual way using apt-get, see also: https://www.whonix.org/wiki/Security_Guide#Updates

Changelog between 9 and 9.3:
- anon-gw-anonymizer-config: Fixed startup of Tor due to an AppArmor conflict as per bug reports in the forums https://www.whonix.org/forum/index.php/topic,559.0.html. Needed to out commented "/usr/bin/obfsproxy rix," in file "/etc/apparmor.d/local/system_tor.anondist" because The Tor Project added "/usr/bin/obfsproxy PUx," to file "/etc/apparmor.d/abstractions/tor". Therefore users of obfsproxy will now end up running obfsproxy unconfined, because we would now require a standalone obfsproxy AppArmor profile. Note, that this is not a Whonix specific issue. Also if you were using plain Debian, no one redistributes an obfsproxy AppArmor profile at time of writing.
- updated frozen sources (contains apt-get and bash security fixes)
- updated frozen sources (contains bash shellshock #2 fixes)
- anon-ws-disable-stacked-tor: Tor Browser 4.x compatibility fix
- tb-starter: Tor Browser 4.x compatibility fix... read more

Posted by SourceForge Robot 2014-10-18

Bug: Tor no longer starts after upgrade / no Tor pid error – Workaround

If you are affacted by this bug, please see the following link for a workaround:
- https://www.whonix.org/wiki/Download#Connection_Issues_-_Tor_stops_working_after_an_Upgrade_and_needs_a_Workaround

Use this forum thread to discuss it if you have any questions:
- https://www.whonix.org/forum/index.php/topic,559.0.html... read more

Posted by SourceForge Robot 2014-09-24

Whonix Anonymous Operating System Version 9 Released!

Whonix is an operating system focused on anonymity, privacy and security. It's based on the Tor anonymity network, Debian GNU/Linux and security by isolation. DNS leaks are impossible, and not even malware with root privileges can find out the user's real IP.

Whonix consists of two parts: One solely runs Tor and acts as a gateway, which we call Whonix-Gateway. The other, which we call
Whonix-Workstation, is on a completely isolated network. Only connections through Tor are possible.... read more

Posted by SourceForge Robot 2014-09-19

restart services after upgrading – documentation update

Whonix's documentation on updating the operating system ( https://www.whonix.org/wiki/Security_Guide#Updates ) has been updated. There is now a new chapter "restart services after upgrading" that you should be aware of:
https://www.whonix.org/wiki/Security_Guide#Restart_Services_after_Upgrading

The post restart services after upgrading - documentation update appeared first on Whonix.
link

Posted by SourceForge Robot 2014-09-05

The Tor Project’s apt repository key expired

At the moment The Tor Project's apt repository key is expired. You'll see the following warning.

W: A error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://deb.torproject.org stable Release: The following signatures were invalid: KEYEXPIRED 1409325681 KEYEXPIRED 1409325681 KEYEXPIRED 1409325681 KEYEXPIRED 1409325681

W: Failed to fetch http://deb.torproject.org/torproject.org/dists/stable/Release

W: Some index files failed to download. They have been ignored, or old ones used instead.
Instructions how to update the operating system ( https://www.whonix.org/wiki/Security_Guide#Updates ) have been extended:... read more

Posted by SourceForge Robot 2014-08-30

Hidden Service Tor security advisory: “relay early”

Quote The Tor Blog.

[...] Hidden service operators should consider changing the location of their hidden service. [...]

For technical information see the full blog post on The Tor Blog.

(This is the same security advisory as Tor security advisory: "relay early" traffic confirmation attack - just highlighting the news for hidden service hosts here.)... read more

Posted by SourceForge Robot 2014-08-05

Tor security advisory: “relay early” traffic confirmation attack

Quote The Tor Blog.

SUMMARY:

On July 4 2014 we found a group of relays that we assume were trying to deanonymize users. They appear to have been targeting people who operate or access Tor hidden services. The attack involved modifying Tor protocol headers to do traffic confirmation attacks.

The attacking relays joined the network on January 30 2014, and we removed them from the network on July 4. While we don't know when they started doing the attack, users who operated or accessed hidden services from early February through July 4 should assume they were affected.

Unfortunately, it's still unclear what "affected" includes. We know the attack looked for users who fetched hidden service descriptors, but the attackers likely were not able to see any application-level traffic (e.g. what pages were loaded or even whether users visited the hidden service they looked up). The attack probably also tried to learn who published hidden service descriptors, which would allow the attackers to learn the location of that hidden service. In theory the attack could also be used to link users to their destinations on normal Tor circuits too, but we found no evidence that the attackers operated any exit relays, making this attack less likely. And finally, we don't know how much data the attackers kept, and due to the way the attack was deployed (more details below), their protocol header modifications might have aided other attackers in deanonymizing users too.

[...], to close the particular protocol vulnerability the attackers used [...]... read more

Posted by SourceForge Robot 2014-08-05

Whonix 8.2 Maintenance Release

Download:
https://www.whonix.org/wiki/Download

Changelog:
- updated Debian packages including Heartbleed OpenSSL bug fix
- Whonix's Tor Browser updater: download from torproject's clearnet domain instead of torproject's onion domain by default, because the onion domain is too slow/can't handle the load. Downloading form the onion domain is possible using -onion.
- no longer recommending to use VirtualBox's snapshot feature in VirtualBox's VM import text due to data loss bug in VirtualBox... read more

Posted by SourceForge Robot 2014-05-01

new SSL certificate and new secondary .onion domain

Our clearnet domain continues to be reachable:
https://www.whonix.org

Due to the heartbleed bug we needed to create a new .onion domain:
http://xxxxxxxxxxh5kyrx.onion

If you are wondering what our .onion domain is useful for anyway, see this note:
https://www.whonix.org/wiki/Forcing_.onion_on_Whonix.org

Due to the heartbleed bug we also needed to get a new SSL certificate. We used this opportunity to get an SSL certificate from Gandi. (We used a SSL certificate from startssl.com before.)... read more

Posted by SourceForge Robot 2014-04-09

Security Advisory: Whonix and the OpenSSL Heartbleed bug

On Whonix-Gateway and Whonix-Workstation,
due to the Heartbleed bug in OpenSSL, you are advised to run:

sudo apt-get update && sudo apt-get dist-upgrade

as fast as possible.

Additionally, on Whonix-Gateway restart Tor:

sudo service tor restart

(or simply reboot).

(You only have to do this once. Otherwise do just regular upgrades.)

Hidden Services:
If you are using hidden services (TorChat, hidden web server, etc.), you should also create a new hidden service domain name, for more information, see:
https://blog.torproject.org/blog/openssl-bug-cve-2014-0160... read more

Posted by SourceForge Robot 2014-04-08

whonix.org Server Downtime

Because of Heartbleed OpenSSL vulnerability, most of our keys are being restructured. Expect weirdness / downtime for the next couple hours / days.

The post whonix.org Server Downtime appeared first on Whonix.
link

Posted by SourceForge Robot 2014-04-08

Whonix 8.1 Maintenance Release

Usability fixes for new users only. There is no rush to update.

Download link for Virtual Box images (.ova), experimental .qcow images and OpenPGP signatures (.asc):

https://www.whonix.org/Download

Changelog:
- updated Debian packages
- fixed Tor restart bug when updated by apt-get

The post Whonix 8.1 Maintenance Release appeared first on Whonix.
link

Posted by SourceForge Robot 2014-03-30

Whonix Anonymous Operating System Version 8 Released!

Whonix is an operating system focused on anonymity, privacy and security. It's based on the Tor anonymity network, Debian GNU/Linux and security by isolation. DNS leaks are impossible, and not even malware with root privileges can find out the user's real IP. Whonix consists of two parts: One solely runs Tor and acts as a […]

The post Whonix Anonymous Operating System Version 8 Released! appeared first on Whonix | Privacy and Anonymity OS.
link

Posted by SourceForge Robot 2014-02-27

Testers wanted! Whonix 7.7.6.4

Posted by SourceForge Robot 2014-02-02

Older Posts

Posted by SourceForge Robot 2014-02-01

GnuPG key transition

I've got a new gnupg key. The full announcement can be read here: https://www.whonix.org/pipermail/whonix-devel/2014-January/000120.html!
link

Posted by SourceForge Robot 2014-01-18

GnuPG key transition – Update 1

I've got a new gnupg key. The full announcement can be read here: https://www.whonix.org/wiki/Adrelanos Update 1: As a commenter pointed out, the old link could not be verified due to a bad signature. This is because mailing list archives replace @ with _at_ and therefore disrupt the message integrity. The full announcement can be read […]
link

Posted by SourceForge Robot 2014-01-18

New Whonix Forum

We have a new forum. Can be reached under https://www.whonix.org/forum or http://kkkkkkkkkk63ava6.onion/forum.

The new link can also be found on the Support page:

https://www.whonix.org/wiki/Support

This was necessary, because this forum has a bugs we're unable to fix in reasonable time:

https://www.whonix.org/wiki/Special:AWCforum/st/id35/New_forum,_new_bugs….html

Old topics may still be discussed in the old forum. Please do not create new topics the old forum. Use the new forum for that.... read more

Posted by SourceForge Robot 2014-01-15