[TWN team] Recent changes to the wiki pages
Lunar
lunar at torproject.org
Tue Apr 8 01:40:18 UTC 2014
===========================================================================
=== https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews/2014/14 ===
===========================================================================
version 38
Author: harmony
Date: 2014-04-08T00:50:57+00:00
start openssl bug item (will update)
--- version 37
+++ version 38
@@ -11,6 +11,40 @@
Welcome to the fourteenth issue of Tor Weekly News in 2014, the weekly
newsletter that covers what’s happening in the Tor community.
+
+The Heartbleed Bug and Tor
+--------------------------
+
+OpenSSL bug CVE-2014-0160 [XXX], also known as the Heartbleed bug [XXX],
+“allows anyone on the Internet to read the memory of systems protected
+by the vulnerable versions of the OpenSSL software”, potentially
+enabling the compromise of information including “user names and
+passwords, instant messages, emails, and business critical documents and
+communication”. Tor is one of the very many networking programs that use
+OpenSSL to communicate over the Internet, so within a few hours of the
+bug’s disclosure Roger Dingledine posted [XXX] a security advisory
+containing some initial thoughts on how it might affect different areas
+of the Tor ecosystem.
+
+“The short version is: upgrade your openssl” [XXX]. Tor Browser users
+should await new packages, while those using a system Tor should upgrade
+their OpenSSL version and manually restart their Tor process. For relay
+operators, “best practice would be to update your OpenSSL package,
+discard all the files in keys/ in your DataDirectory, and restart your
+Tor to generate new keys”, and for hidden service administrators, “to
+move to a new hidden-service address at your convenience”. Clients,
+relays, and services using an older version of OpenSSL, including Tails,
+are not affected by this bug.
+
+Ultimately, “if you need strong anonymity or privacy on the Internet,
+you might want to stay away from the Internet entirely for the next few
+days while things settle.” Be sure to read Roger’s post in full if you
+are unsure what this bug might mean for you.
+
+ [XXX]: https://www.openssl.org/news/vulnerabilities.html#2014-0160
+ [XXX]: http://heartbleed.com/
+ [XXX]: https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
+ [XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-April/032602.html
A hall of Tor mirrors
---------------------
--
Your friendly TWN monitoring script
In case of malfunction, please reach out for lunar at torproject.org
or for the worst cases, tell weasel at torproject.org to kill me.
More information about the news-team
mailing list