[tor-relays] Long-term effect of Heartbleed on Tor
Paul Pearce
pearce at cs.berkeley.edu
Wed Apr 9 18:51:45 UTC 2014
> * Should authorities scan for bad OpenSSL versions and force their weight
> down to 20?
I'd be interested in hearing people's thoughts on how to do such
scanning ethically (and perhaps legally). I was under the impression
the only way to do this right now is to actually trigger the bounds
bug and export some quantity (at least 1 byte) of memory from the
vulnerable machine.
More information about the tor-relays
mailing list