[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Is Tor network still vulnerable to Heartbleed?
On Mon, 14 Apr 2014 18:42:09 +0000 (UTC)
ÐÑÑÑÑ ÐÑÑÐÐÐÐ <art.istom@xxxxxxxxx> wrote:
> On Mon, Apr 14, 2014 at 01:45:16PM +0000, antispam06@xxxxxxx wrote:
> > In his announcement, arma noted it would be a good idea to stay away
> > from the Internet. Is it ok?
>
> Yeah, let's go to FIDO! :)
>
> The more you wait (without Internet), the more servers will be
> updated less likely that you'll find yourself a victim of this
> vulnerability in OpenSSL. But now this will probably never be zero.
> So relax and be happy :)
As of right now (Fri Apr 18 19:01:21 UTC 2014), the amount of
vulnerable relays is:
> Bleeding Consensus Weight %: 0.0129271197714
> Number of bleeding relays: 34
You can see an updated list at
https://encrypted.redteam.net/bleeding_relays/
The network's pretty solid now. The Tor Directory Authorities have
marked most (if not all) of the vulnerable relays as '!invalid' meaning
no circuits will flow to them and they will see error messages in their
logs.
To answer your question, no, the Tor network is invulnerable to
Heartbleed. Wait out a little longer if you want to be sure. This
doesn't mean Tor is safe from other OpenSSL bugs.
The OpenBSD folk are working on fixing up OpenSSL
(http://opensslrampage.org/) which may be of interest.
hth
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk