
Re: [tor-talk] Is Tor network still vulnerable to Heartbleed?



On Mon, 14 Apr 2014 18:42:09 +0000 (UTC)
<art.istom@xxxxxxxxx> wrote:

> On Mon, Apr 14, 2014 at 01:45:16PM +0000, antispam06@xxxxxxx wrote:
> > In his announcement, arma noted it would be a good idea to stay away
> > from the Internet. Is it ok?
> 
> Yeah, let's go to FIDO! :)
> 
> The more you wait (without Internet), the more servers will be
> updated, and the less likely it is that you'll find yourself a victim
> of this vulnerability in OpenSSL. But now this will probably never be zero.
> So relax and be happy :)

As of right now (Fri Apr 18 19:01:21 UTC 2014), the number of
vulnerable relays is:

> Bleeding Consensus Weight %: 0.0129271197714
> Number of bleeding relays: 34

You can see an updated list at
https://encrypted.redteam.net/bleeding_relays/

The network's pretty solid now. The Tor Directory Authorities have
marked most (if not all) of the vulnerable relays as '!invalid', meaning
no circuits will flow to them and they will see error messages in their
logs.

To answer your question, no, the Tor network is invulnerable to
Heartbleed. Wait out a little longer if you want to be sure. This
doesn't mean Tor is safe from other OpenSSL bugs. 

The OpenBSD folk are working on fixing up OpenSSL
(http://opensslrampage.org/) which may be of interest.

hth