On Mon, 14 Apr 2014 18:42:09 +0000 (UTC) Артур Истомин <[email protected]> wrote:
> On Mon, Apr 14, 2014 at 01:45:16PM +0000, [email protected] wrote: > > In his announcement, arma noted it would be a good idea to stay away > > from the Internet. Is it ok? > > Yeah, let's go to FIDO! :) > > The more you wait (without Internet), the more servers will be > updated less likely that you'll find yourself a victim of this > vulnerability in OpenSSL. But now this will probably never be zero. > So relax and be happy :) As of right now (Fri Apr 18 19:01:21 UTC 2014), the amount of vulnerable relays is: > Bleeding Consensus Weight %: 0.0129271197714 > Number of bleeding relays: 34 You can see an updated list at https://encrypted.redteam.net/bleeding_relays/ The network's pretty solid now. The Tor Directory Authorities have marked most (if not all) of the vulnerable relays as '!invalid' meaning no circuits will flow to them and they will see error messages in their logs. To answer your question, no, the Tor network is invulnerable to Heartbleed. Wait out a little longer if you want to be sure. This doesn't mean Tor is safe from other OpenSSL bugs. The OpenBSD folk are working on fixing up OpenSSL (http://opensslrampage.org/) which may be of interest. hth -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
