[tor-relays] Long-term effect of Heartbleed on Tor

Paul Pearce pearce at cs.berkeley.edu
Wed Apr 9 18:51:45 UTC 2014


> * Should authorities scan for bad OpenSSL versions and force their weight
> down to 20?

I'd be interested in hearing people's thoughts on how to do such
scanning ethically (and perhaps legally). I was under the impression
the only way to do this right now is to actually trigger the bounds
bug and export some quantity (at least 1 byte) of memory from the
vulnerable machine.


More information about the tor-relays mailing list