[tor-relays] Long-term effect of Heartbleed on Tor
Alexander Dietrich
alexander at dietrich.cx
Wed Apr 9 19:07:47 UTC 2014
According to Qualys, they have developed a test that "verifies the
problem without retrieving any bytes from the server, other than the
bytes we send in the heartbeat request":
https://community.qualys.com/blogs/securitylabs/2014/04/08/ssl-labs-test-for-the-heartbleed-attack
Best regards,
Alexander
---
PGP Key: 0xC55A356B | https://dietrich.cx/pgp
On 2014-04-09 20:51, Paul Pearce wrote:
>> * Should authorities scan for bad OpenSSL versions and force their
>> weight
>> down to 20?
>
> I'd be interested in hearing people's thoughts on how to do such
> scanning ethically (and perhaps legally). I was under the impression
> the only way to do this right now is to actually trigger the bounds
> bug and export some quantity (at least 1 byte) of memory from the
> vulnerable machine.
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
More information about the tor-relays
mailing list