TOR vulnerabilities discovered

rAt | 24.12.2011 22:36 | Technology

TOR is a popular technology used to increase the anonymity of web users.

Recently vulnerabilities have been discovered which make this software insecure.

Users are advised to upgrade to the latest (fixed) version.

More info:

 https://blog.torproject.org/blog/tor-02234-released-security-patches

rAt

Comments

Chill

25.12.2011 13:40

This vulnerability was fixed 2 months ago. If you installed tor using a package manager (such as synaptic) and you kept your system up to date then you are fine. If you installed it using a gzip or the source then you might be at risk, and if you installed it on windows then you are screwed anyway.

Open a terminal and type:
tor --version
Look for the version "Tor v0.2.2.35"; if it says v0.2.2.34 or below then you need an upgrade.

Now a rant...
TOR is awesome, but it isn't perfect. It's very possibly the best that is available to us at the moment. Be sure that the feds have ways around it. If they want to know who you are they will find ways around it. But it sure as hell makes their lives a hell of a lot harder, and hence costs them more to do the same thing. In general, the greatest weak point of TOR is the exit node. A rogue exit node can leave you vulnerable; it can make your https connection into insecure http using a man in the middle technique. If it can convince your client to connect to the rogue exit node then they in essence jack your connection.

To see what TOR is doing, you need to send it a SIGUSR2; this will enable debug output.
$ killall -SIGUSR2 tor
$ tail -f /var/log/tor/log
If anything looks weird, restart tor and check again.
$ /etc/init.d/tor restart

This tor hidden service has some useful information about how to block an exit node:
 http://xqz3u5drneuzhaeo.onion/users/badtornodes/
Unfortunately, it is no longer up to date, but still has plenty of exit nodes you should block.
 http://torstatus.blutmagie.de/
This has a more up-to-date list, but isn't a hidden service...

Now, this is a call for anyone with a server and a decent bandwidth to donate. We need a UK-ish based security infrastructure for activists. We need to set up a few things before the killswitch is implemented.
This is a sort of call out to the techies out there...
We need a VPN, urgently! This will give us another layer of anonymity.
We need some hidden services host. In particular I would like (though we don't actually need it) a hidden diaspora service.
We need to start setting up mesh (ad hoc) networks across the UK to bypass a killswitch. This is still largely experimental technology, but very soon we could be relying on it, so if you have a small community anywhere with wireless reach, start setting up BATMAN or netsukuku, and start making easy install methods. This is the only way we'll have to communicate once the internet is down.

We need to educate the masses, desperately. I am surprised every time when I hear that most people still don't know how to encrypt files and emails. Everything you send in plain text remains in plain text on your mailing server. Anything encrypted is extraordinarily difficult for the feds to access (providing they don't have your private key). People still don't understand the importance of online anonymity. Please start educating yourself ASAP.

Don't panic, but be prepared!

missing
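
The version check described in the comment above, as an added example that is not part of the original post: it compares the release number field by field, because a plain text comparison gets versions such as 0.2.2.9 wrong. The function names are hypothetical, the sample lines are constructed, and the 0.2.2.35 threshold is simply the one that comment names.

```shell
#!/bin/sh
# Added example: decide whether a `tor --version` line is below a fixed release.
# MIN_FIXED defaults to the version named in the comment above (taken from
# that comment as an assumption, not from a Tor Project advisory).
MIN_FIXED="${MIN_FIXED:-0.2.2.35}"

# Pull the dotted release number out of a line such as "Tor v0.2.2.35" or
# "Tor version 0.2.2.34 (git-0123abcd)."; prints nothing if none is found.
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/^Tor v\(ersion \)\{0,1\}\([0-9][0-9.]*[0-9]\).*/\2/p' |
        head -n 1
}

# Return 0 when release $1 is strictly lower than release $2. Each
# dot-separated field is compared as a number: as text, "9" sorts after "35".
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa="${a%%.*}"; fb="${b%%.*}"
        if [ "${fa:-0}" -lt "${fb:-0}" ]; then return 0; fi
        if [ "${fa:-0}" -gt "${fb:-0}" ]; then return 1; fi
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    return 1
}

# Classify one version line: prints "upgrade", "ok" or "unknown".
# Only release numbers are compared; -alpha/-rc suffixes are ignored.
tor_status() {
    v="$(extract_version "$1")"
    if [ -z "$v" ]; then
        echo unknown
    elif version_lt "$v" "$MIN_FIXED"; then
        echo upgrade
    else
        echo ok
    fi
}

# Constructed sample lines, not captured from a real system.
for line in "Tor v0.2.2.34" "Tor version 0.2.2.35 (git-0123abcd)." \
            "Tor version 0.2.2.9." "no version here"; do
    printf '%-40s %s\n' "$line" "$(tor_status "$line")"
done
```

On a real system, pass it the live output with tor_status "$(tor --version)"; an "unknown" result means the output format was not recognised and should be read by hand.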


+1 ... and a request

25.12.2011 14:55

+1 and then some to "missing". Thank you!

But to be honest I am not a techie but I am certainly willing to consider helping out as I can. I study and work, but have some available bandwidth, use GNU/Linux, run Tor and am all up for the cause. Now what? How do I find the quickest way of getting up to speed with assisting activist and liberated computer networking and security without having to study computer science to do so effectively? Don't even know how to phrase this in a meaningful - more precise and non-commercial - phrase for Scroogle. Any pointers for we non-techies?

Willing but dumb


Can exit nodes eavesdrop on communications? Isn't that bad?

25.12.2011 15:26

Yes, the guy running the exit node can read the bytes that come in and out there. Tor anonymizes the origin of your traffic, and it makes sure to encrypt everything inside the Tor network, but it does not magically encrypt all traffic throughout the Internet.

This is why you should always use end-to-end encryption such as SSL for sensitive Internet connections. (The corollary to this answer is that if you are worried about somebody intercepting your traffic and you're *not* using end-to-end encryption at the application layer, then something has already gone wrong and you shouldn't be thinking that Tor is the problem.)

Tor does provide a partial solution in a very specific situation, though. When you make a connection to a destination that also runs a Tor relay, Tor will automatically extend your circuit so you exit from that circuit. So for example if Indymedia ran a Tor relay on the same IP address as their website, people using Tor to get to the Indymedia website would automatically exit from their Tor relay, thus getting *better* encryption and authentication properties than just browsing there the normal way.

We'd like to make it still work even if the service is nearby the Tor relay but not on the same IP address. But there are a variety of technical problems we need to overcome first (the main one being "how does the Tor client learn which relays are associated with which websites in a decentralized yet non-gamable way?").

FAQ pointer
- Homepage: https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#CanexitnodeseavesdroponcommunicationsIsntthatbad


OccupyOS anonymous operating system for activists

25.12.2011 15:36

OccupyOS is a live CD distribution based on Gentoo Linux and inspired by the occupy Wall Street movement, it has been designed to allow activists from all over the world to anonymously edit and publish documents on the web, as well as managing Twitter and Facebook accounts, securely communicating with other activists while bypassing any ISP Internet filter, this is accomplished using tor or a VPN for web browsing and general internet access, encrypted voice chat using Mumble, encrypted instant messenger with Pidgin-OTR (Off The Record Plugin) and Xchat with OTR for anonymous IRC chat, MAC address changer to stop others from linking your computer network card with ISP logs, VNC to remotely connect to other computers, OpenSSH, OpenSSL, sfdisk to manage disk partitions and The Gimp to edit images. ...

download pointer
- Homepage: http://www.hacker10.com/internet-anonymity/occupyos-anonymous-operating-system-for-activists/


Regarding GnuPG integration...

25.12.2011 15:48

...are there any specific suggestions for a SquirrelMail user who can handle Truecrypt and the Browser Bundle?

using public computers


NEVER been secure!

25.12.2011 17:22

The original *QUESTION* posed by the US Naval Research Laboratory that led to the invention of Onion Routing was, "Can we build a system that allows for bi-directional communications over the Internet where the source and destination cannot be determined by a cacheing mid-point?"

The *PURPOSE* was for DoD / Intelligence usage (open source intelligence gathering, covering of forward deployed assets, whatever).

Not helping dissidents in repressive countries. Not assisting criminals in covering their electronic tracks. Not helping bit-torrent users avoid MPAA/RIAA prosecution. Not giving a 10 year old a way to bypass an anti-porn filter.

Of course, we knew those would be other unavoidable uses for the technology, but that was immaterial to the problem at hand we were trying to solve (and if those uses were going to give us more cover traffic to better hide what we wanted to use the network for, all the better...I once told a flag officer that much to his chagrin). I should know, I was the recipient of that question from David, and Paul was brought into the mix a few days later after I had sketched out a basic (flawed) design for the original Onion Routing.

The short answer to your question of "Why would the government do this?" is because it is in the best interests of some parts of the government to have this capability...

Michael G. Reed
Michael Reed

cryptome reader

