Check it out: http://heartbleed.com/ This is how it effects Tor users: https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
Heartbleed bug in SSL might be of interest to some of you.
Check it out: http://heartbleed.com/ This is how it effects Tor users: https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
[2 Points] aalewis____:
[1 Points] lgats:
I made a tool to check the status of your SSL and see if heartbeat is enabled. If it is, you should run this command: openssl version -a
Ensure your version is NOT 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1, 1.0.2-beta1
[1 Points] None:
I wonder how many markets have updated to the patched OpenSSL packages. Any markets running the aforementioned OpenSSL packages could potentially have the Tor private keys stolen. This would mean there's a possibility that an onion address could be hijacked, and potentially even worse, a hacker or LE could intercept all encrypted traffic such as usernames and passwords.
The worse part is that there is no method to detect if the keys have been compromised. The only definite secure thing to do is to change all Tor keys. However, if every market changed their private keys, this would mean every onion address currently existing would change as well.
On a side note, all clearnet sites that are using the vulnerable packages suffer the same issues. This would mean using an HTTPS connection does not guarantee that the encrypted information being sent is secured. Credit cards and banking information can also be intercepted in the same manner if the server's SSL keys have been compromised.
[1 Points] bobstheyreuncle:
Big question: is reddit using OpenSSL?
Scary shit