19 comments

[ 2.9 ms ] story [ 55.7 ms ] thread
Its actually pretty impressive that 88% of tor operators have deployed OpenSSL updates. Curious how that compares to the web.
Its more likely that a lot of them are running unaffected versions of OpenSSL
This makes no sense.
I don't know that it's true, but it's certainly plausible that these hosts used OpenSSL versions prior to 1.0.1. Many other sites were in the same position.
What about tor nodes makes them more likely to be running older versions of openssl than webservers?
operator laziness?

People that set up the exit and didn't really look at the machine since then

> Tor's Bleeding Edge nodes (guards and exits) [1]

Seriously, the choice of Heartbleed as a name is genius. It makes for so many awesome derivative names. I mean c'mon, "Bleeding Edges?" That's brilliant.

[1] https://encrypted.redteam.net/bleeding_edges/

What's the difference between "!reject" and "not Valid"?

Edit: I'm a TOR noob, I have no idea what a Valid flag does. Why wouldn't it show up in logs the same way?

From the article:

I thought for a while about taking away their Valid flag rather than rejecting them outright, but this way they'll get notices in their logs.

Makes me wonder how many malicious nodes on the network might be doing a reverse Heartbleed attack on vulnerable clients.

It could be an effective way of unmasking the identity of hidden services, if they happen to have chosen such a node as their entry guard.

Heartbleed seems to be more plausible answer to how NSA has cracked Tor instead of the global whole-Internet-scale input-output analysis. Well, at least i hope it is so...
Can you provide a source for the NSA cracking tor?
Can you provide a source for the NSA cracking anything ?
beside that being the question of the day if not the month, do you imply that my tax dollars have been just wasted fruitlessly?
They haven't needed to, they can simply run exit nodes:

"If you actually look in to where these Tor nodes are hosted and how big they are, some of these nodes cost thousands of dollars each month just to host because they're using lots of bandwidth, they're heavy-duty servers and so on. Who would pay for this and be anonymous?"[1]

[1]http://en.wikipedia.org/wiki/Tor_(anonymity_network)#Exit_no...

The only other plausible explanation I can think of, is that some Tor exit nodes are running on high-end machines without their owners' consent or knowledge.
Because no one owning, working or operating a ISP would ever, ever, dream of sponsoring some cable time to an anonymity network. They might be technical people who's job it is to work with computer networks, by why would they be interested in computer network technology? That would be like a technology company sponsoring open source project with work hours.
I'm fairly certain ISP owners with high-end hardware would not risk their business running Tor exit nodes.
If your node can't be a guard unless it has sufficient uptime and hasn't shared a name with any other node for six months, where does that put you when you upgrade your OpenSSL and generate new keys? Now my relay has a different fingerprint with the same nickname as before, and downtime, so it can't be an entry point anymore. How many entry points were lost because of this?