-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I've updated OpenSSL, deleted the keys on my exit per the recommendations, and restarted the whole box. I got a new fingerprint. I'll watch to see how long the flags take to come back, but I predict it will be like a new relay. I wonder how this changes the flow rates across the Tor network. Perhaps adversary-controlled exits may not be upgraded so that they can keep their percentage advantages and take advantage of the disruption. In due time things will come back to normal.
I'd recommend that every relay operator delete their keys as well, just to be safe. Pure speculation on my part here, but a well-resourced adversary might have seized the moment and done some attacking, or perhaps they knew about it beforehand. This is a major vulnerability. Admins are revoking SSL certificates, and that's for web servers. The blog post is very helpful for outlining how this exploit affects us, but let's assume the worst here. While we're updating, how about we all make sure we are running the 0.2.4 series of Tor, preferably 0.2.4.21. Switch to the Tor Project's repositories if you haven't already. Good luck guys. Jesse V. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQF8BAEBCgBmBQJTRKL/XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQxMjgyMjhENjEyODQ1OTU1NzBCMjgwRkFB RDk3MzY0RkMyMEJFQzgwAAoJEK2XNk/CC+yAsk4H/RezKq0rEPbdbk9HG3Wjz0rE wUWBfGh3J4oultac256USLXHBHdyWnp8sT73ZhHm9H9i+ja/OjGpEwvXFIzIW09j cLMSZTf3AwTIeA8PO3S3qZsuNUwMC6kz5XhyFeRbuaBjD93Dr29Q4/zehGtPU02j 4CEqFqegjxXWL6WoKt2JyhOaV2meEz5d2GN/F6oguzk3orwX8FWc5jOewvNcRknv stFaz17JBrzqHUQY1NDx29Dw81dO5H4+sTzM+DRvTSSLKx8R1Zbw5ApevNkoWTFg ldhv/v/pHR1UnB9gsQ+r61BK3OQIWzAaVXgeZh3PDtkfX7yg1LnrdNZ2+NhUi6w= =eBTS -----END PGP SIGNATURE----- _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
