I don't know that it's true, but it's certainly plausible that these hosts used OpenSSL versions prior to 1.0.1. Many other sites were in the same position.
> Tor's Bleeding Edge nodes (guards and exits) [1]
Seriously, the choice of Heartbleed as a name is genius. It makes for so many awesome derivative names. I mean c'mon, "Bleeding Edges?" That's brilliant.
Heartbleed seems to be more plausible answer to how NSA has cracked Tor instead of the global whole-Internet-scale input-output analysis. Well, at least i hope it is so...
They haven't needed to, they can simply run exit nodes:
"If you actually look in to where these Tor nodes are hosted and how big they are, some of these nodes cost thousands of dollars each month just to host because they're using lots of bandwidth, they're heavy-duty servers and so on. Who would pay for this and be anonymous?"[1]
The only other plausible explanation I can think of, is that some Tor exit nodes are running on high-end machines without their owners' consent or knowledge.
Because no one owning, working or operating a ISP would ever, ever, dream of sponsoring some cable time to an anonymity network. They might be technical people who's job it is to work with computer networks, by why would they be interested in computer network technology? That would be like a technology company sponsoring open source project with work hours.
If your node can't be a guard unless it has sufficient uptime and hasn't shared a name with any other node for six months, where does that put you when you upgrade your OpenSSL and generate new keys? Now my relay has a different fingerprint with the same nickname as before, and downtime, so it can't be an entry point anymore. How many entry points were lost because of this?
19 comments
[ 2.9 ms ] story [ 55.7 ms ] threadPeople that set up the exit and didn't really look at the machine since then
Seriously, the choice of Heartbleed as a name is genius. It makes for so many awesome derivative names. I mean c'mon, "Bleeding Edges?" That's brilliant.
[1] https://encrypted.redteam.net/bleeding_edges/
Edit: I'm a TOR noob, I have no idea what a Valid flag does. Why wouldn't it show up in logs the same way?
I thought for a while about taking away their Valid flag rather than rejecting them outright, but this way they'll get notices in their logs.
It could be an effective way of unmasking the identity of hidden services, if they happen to have chosen such a node as their entry guard.
"If you actually look in to where these Tor nodes are hosted and how big they are, some of these nodes cost thousands of dollars each month just to host because they're using lots of bandwidth, they're heavy-duty servers and so on. Who would pay for this and be anonymous?"[1]
[1]http://en.wikipedia.org/wiki/Tor_(anonymity_network)#Exit_no...