[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Long-term effect of Heartbleed on Tor



> * Should authorities scan for bad OpenSSL versions and force their weight
> down to 20?

I'd be interested in hearing people's thoughts on how to do such
scanning ethically (and perhaps legally). I was under the impression
the only way to do this right now is to actually trigger the bounds
bug and export some quantity (at least 1 byte) of memory from the
vulnerable machine.
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays