URGENT: active OpenSSL "Heartbleed" attack on Tor Nodes - tor-relays - lists.torproject.org

newer
Re: [tor-relays] Metrics for...

URGENT: active OpenSSL "Heartbleed" attack on Tor Nodes

older
Tor download signatures

starlight.2014q2＠binnacle.cx

8 Apr 2014 8 Apr '14

10:30 p.m.

Have been running Tor relay with AddressSanitizer and it crashed this morning. I thought it was related to the system being close to running out of free memory until I read about the new OpenSSL vulnerability. Anyone running a Tor relay with OpenSSL 1.0.1 should update the library or rebuild against an older version immediately!!!!

Attachments:

openssl_heartbleed_tornode_attack.txt (text/plain — 2.8 KB)

Reply

Sign in to reply online Use email software

Show replies by date

Roger Dingledine

8 Apr 8 Apr

10:48 p.m.

On Tue, Apr 08, 2014 at 06:30:28PM -0400, starlight.2014q2@binnacle.cx wrote:

Have been running Tor relay with AddressSanitizer and it crashed this morning.

People on #tor are helping us enumerate vulnerable relays, so while this plausibly is an instance of "somebody testing for the vulnerability", it doesn't tell us much more about whether bad guys are doing attacks too.

Anyone running a Tor relay with OpenSSL 1.0.1 should update the library or rebuild against an older version immediately!!!!

Agreed. You probably want to discard your relay identity keys afterwards too. See the big threads about exactly this topic. --Roger

Reply

Sign in to reply online Use email software

4061

Age (days ago)

4061

Last active (days ago)

Download

1 comments

2 participants

tags

participants (2)

Roger Dingledine
starlight.2014q2＠binnacle.cx