from https://blog.torproject.org/blog/openssl-bug-cve-2014-0160 :
>
1. *Clients*: Tor Browser shouldn't be affected, since it uses libnss
rather than openssl. But Tor clients could possibly be induced to send
sensitive information like "what sites you visited in this session" to your
>> http://heartbleed.com/
>> ...
>
> Patch your stuff.
Indeed. Please see...
https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
--
tor-talk mailing list - tor-talk@lists.torproject.org
On Tue, Apr 8, 2014, at 12:17 AM, Roger Dingledine wrote:
> A new OpenSSL vulnerability on 1.0.1 through 1.0.1f is out today,
> which can be used to reveal up to 64kB of memory to a connected client
> or server.
>
> https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
>
> The short versio
A new OpenSSL vulnerability on 1.0.1 through 1.0.1f is out today,
which can be used to reveal up to 64kB of memory to a connected client
or server.
https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
The short version is: upgrade your openssl (unless you're running an
old one), and also mo
> http://heartbleed.com/
>
> The Heartbleed Bug is a serious vulnerability in the popular OpenSSL
> cryptographic software library. This weakness allows stealing the
> information protected, under normal conditions, by the SSL/TLS encryption
> used to secure the Internet. SSL/TLS provides communica
coderman:
> On Wed, Apr 2, 2014 at 10:59 AM, Rusty Bird wrote:
>> Maybe it can be boiled down to this: When redirecting *and* filtering,
>> the filtering should be done in OUTPUT (instead of INPUT), ...
>
> this is where defense in depth at the multiple-virtual machine /
> routing layer fails saf