


Tor Blacklisting Exit Nodes Vulnerable To Heartbleed 56
msm1267 (2804139) writes "The Tor Project has published a list of 380 exit relays vulnerable to the Heartbleed OpenSSL vulnerability that it will reject. This comes on the heels of news that researcher Collin Mulliner of Northeastern University in Boston found more than 1,000 nodes vulnerable to Heartbleed where he was able to retrieve plaintext user traffic. Mulliner said he used a random list of 5,000 Tor nodes from the Dan.me.uk website for his research; of the 1,045 vulnerable nodes he discovered, he recovered plaintext traffic that included Tor plaintext announcements, but a significant number of nodes leaked user traffic in the clear."
The only thing that may be leaked in addition... (Score:5, Informative)
... to what Tor already leaks, is the previous hop from which the exit traffic came, and possibly meta data on other tunnels relayed by (but not terminated at) the node. If the relayed connection is SSL/TLS encrypted, that encryption is end-to-end from the original client to the server; sniffing some exit-node memory does not help you there. If the related connection is in the plain, then, well, then sniffing the exit node's memory does not tell you any more than you already knew by looking at its plain-text traffic.
Now, Heartbleed is not completely harmless here: You may, if you're very lucky, be able to sniff the previous node name, but as Tor tunnels are longer than that, that does not help you much. Plus, tunnels endpoints tend to change every couple of minutes, making the cross section even smaller. Also, you may now be in a position to sniff data from nodes whose ISP network you do not control, allowing you to do network-wide attacks. That may in fact be the biggest problem.
Re:So much for Net Neutrality. (Score:5, Informative)
Re:The only thing that may be leaked in addition.. (Score:5, Informative)