Forgot your password?
typodupeerror
Encryption Privacy Security

Tor Blacklisting Exit Nodes Vulnerable To Heartbleed 56

Posted by timothy
from the all-tor-up dept.
msm1267 (2804139) writes "The Tor Project has published a list of 380 exit relays vulnerable to the Heartbleed OpenSSL vulnerability that it will reject. This comes on the heels of news that researcher Collin Mulliner of Northeastern University in Boston found more than 1,000 nodes vulnerable to Heartbleed where he was able to retrieve plaintext user traffic. Mulliner said he used a random list of 5,000 Tor nodes from the Dan.me.uk website for his research; of the 1,045 vulnerable nodes he discovered, he recovered plaintext traffic that included Tor plaintext announcements, but a significant number of nodes leaked user traffic in the clear."
This discussion has been archived. No new comments can be posted.

Tor Blacklisting Exit Nodes Vulnerable To Heartbleed

Comments Filter:
  • by TechyImmigrant (175943) on Thursday April 17, 2014 @12:36PM (#46780195) Journal

    >It will cost billions to fix for the US and the taxpayers will foot the bill.

    I haven't noticed the sky fall in yet. Maybe that information didn't need to be secret.

  • by TechyImmigrant (175943) on Thursday April 17, 2014 @02:23PM (#46781323) Journal

    > the fact that the US Federal government is spending billions of dollars to try to repair some of the damage from Snowden's theft and leaks

    They are choosing to spend the money, but they haven't demonstrated the damage.

    I see many benefits. The security community and users have a better understanding of the risk landscape and have been changing their behavior as a result.

  • by drkstr1 (2072368) on Thursday April 17, 2014 @02:27PM (#46781365)

    I guess you don't count the fact that the US Federal government is spending billions of dollars to try to repair some of the damage from Snowden's theft and leaks as detrimental. You'll be helping to pay for that since you live in the US. No doubt GCHQ will be paying some bills as well.

    There has certainly been other fallout from that, but apparently we can count on you to never go looking for it.

    Wait, that argument isn't logical. What is the government spending billions of dollars trying to repair some of the damage if there are no detrimental affects from the leaks (which you confirmed in your rebuttal)? Sounds to me like they are spending billions of dollars covering up the mess they themselves created. Maybe they should just stop doing that. Problem solved.

  • by TheCarp (96830) <`ten.tenaprac' `ta' `cjs'> on Thursday April 17, 2014 @03:24PM (#46781955) Homepage

    > It will cost billions to fix for the US and the taxpayers will foot the bill.

    It already cost us billions, and it was always going to cost us billions more. Any suggestion they were not going to waste that money anyway is just laughable. They will spend as much as they can justify in their crusade against whatever bogeymen they can dream up.

The most important early product on the way to developing a good product is an imperfect version.

Working...