[tor-talk] Heartbleed and TOR
Christopher J. Walters
cwal989 at comcast.net
Thu Apr 10 20:44:51 UTC 2014
Since I am neither an expert on OpenSSL nor TOR, let's get one question out of
the way before anything further is said on the topic: Does TOR actually use
potentially vulnerable versions of OpenSSL (or use it at all, for that matter)?
If so, then it *could* pose a risk to TOR (until and unless the version of
OpenSSL that TOR uses is patched). If NOT, then this bug does not affect TOR.
In any event, the BEST places to get information on OpenSSL and the Heartbleed
bug are the official Heartbleed web site, and the OpenSSL mailing lists.
From what I have read, the bug is a server side bug, and does not pose much
risk to regular users (aside from the risk that your user names, passwords and
other information in the RAM of servers that you have used in the past 2 years
or so *MAY* have been compromised - though there are many other ways your
information could be compromised).
More information about the tor-talk
mailing list