[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] URGENT: active OpenSSL "Heartbleed" attack on Tor Nodes

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] URGENT: active OpenSSL "Heartbleed" attack on Tor Nodes
From: Roger Dingledine <arma@xxxxxxx>
Date: Tue, 8 Apr 2014 18:48:58 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 08 Apr 2014 18:49:11 -0400
In-reply-to: <6.2.5.6.2.20140408182534.08269500@xxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <6.2.5.6.2.20140408182534.08269500@xxxxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.5.20 (2009-06-14)

On Tue, Apr 08, 2014 at 06:30:28PM -0400, starlight.2014q2@xxxxxxxxxxx wrote:
> Have been running Tor relay with
> AddressSanitizer and it crashed this
> morning.

People on #tor are helping us enumerate vulnerable relays, so while this
plausibly is an instance of "somebody testing for the vulnerability",
it doesn't tell us much more about whether bad guys are doing attacks too.

> Anyone running a Tor relay with OpenSSL
> 1.0.1 should update the library or
> rebuild against an older version
> immediately!!!!

Agreed.

You probably want to discard your relay identity keys afterwards too.

See the big threads about exactly this topic.

--Roger

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] URGENT: active OpenSSL "Heartbleed" attack on Tor Nodes
  - From: starlight . 2014q2

Prev by Author: Re: [tor-relays] Relays vulnerable to OpenSSL bug: Please upgrade
Next by Author: Re: [tor-relays] Relays vulnerable to OpenSSL bug: Please upgrade
Previous by thread: [tor-relays] URGENT: active OpenSSL "Heartbleed" attack on Tor Nodes
Next by thread: Re: [tor-relays] running Tor relay live with AddressSanitizer
Index(es):
- Author
- Thread