[tor-relays] URGENT: active OpenSSL "Heartbleed" attack on Tor Nodes

Roger Dingledine arma at mit.edu
Tue Apr 8 22:48:58 UTC 2014

On Tue, Apr 08, 2014 at 06:30:28PM -0400, starlight.2014q2 at binnacle.cx wrote:
> Have been running Tor relay with
> AddressSanitizer and it crashed this
> morning.

People on #tor are helping us enumerate vulnerable relays, so while this
plausibly is an instance of "somebody testing for the vulnerability",
it doesn't tell us much more about whether bad guys are doing attacks too.

> Anyone running a Tor relay with OpenSSL
> 1.0.1 should update the library or
> rebuild against an older version
> immediately!!!!

You probably want to discard your relay identity keys afterwards too.

See the big threads about exactly this topic.