Tor, the sometimes-controversial internet-traffic-anonymising service, is bleeding thanks to Heartbleed.
Roger Dingledine, one of Tor's three original co-developers and now the project's leader, director and researcher, has posted to the Tor relays mailing lists with his assessment that “we'll lose about 12% of the exit capacity and 12% of the guard capacity.”
The reason for the degradation is that some Tor nodes are running vulnerable versions of OpenSSL. Tor's overlords, sensibly, appear to be looking at the service's participants to check whether they are likely to Heartbleed out if attacked. As they find problems, they exclude the nodes from the network.
“I/we should add to this list as we discover other relays that come online with vulnerable openssl versions,” Dingledine writes. He also adds that there are plenty of places for Tor's operators to look, as to date they have only considered “... the relays with Guard and/or Exit flags, so we should add the other 1000+ at some point soon.”
Tor's overseers are doubtless not alone in having a lot of Heartbleed-related work to do. That they have that work to do, and that Tor is degraded by the vulnerability, is more evidence of the very significant impact the problem is having.