[tor-relays] Long-term effect of Heartbleed on Tor

Alexander Dietrich alexander at dietrich.cx
Wed Apr 9 19:07:47 UTC 2014

According to Qualys, they have developed a test that "verifies the 
problem without retrieving any bytes from the server, other than the 
bytes we send in the heartbeat request":

Best regards,
PGP Key: 0xC55A356B | https://dietrich.cx/pgp

On 2014-04-09 20:51, Paul Pearce wrote:
>> * Should authorities scan for bad OpenSSL versions and force their 
>> weight
>> down to 20?
> I'd be interested in hearing people's thoughts on how to do such
> scanning ethically (and perhaps legally). I was under the impression
> the only way to do this right now is to actually trigger the bounds
> bug and export some quantity (at least 1 byte) of memory from the
> vulnerable machine.
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

More information about the tor-relays mailing list