
Heartbleed, the horrible little security exploit that has caused near mass panic and confusion across the entirety of the internet over the past couple of days, has taken another victim – the web anonymizing service Tor.

Tor relies on a network of donated servers located across the entire world, and as it turns out, “about 12%” of these servers are running OpenSSL versions 1.0.1 to 1.0.1f – the versions of OpenSSL vulnerable to Heartbleed. As such, these servers are vulnerable to the easily exploitable security issue, which would substantially put at risk any user whose data passes through them. Worse, hackers could use these affected servers to discover internal documentation on the Tor network itself, putting the Tor network in its entirety at substantial risk.

That’s why Tor's initial developer Roger Dingledine has suggested that these vulnerable servers be kicked off the network, a move that would cut into “about 12% of the exit capacity and 12% of the guard capacity.” Dingledine is willing to let these servers back on the network after they’ve been upgraded, but those who don’t upgrade their servers fast enough might not be allowed back on the network even after an upgrade, likely over potential future security concerns.

