

Tor Project Loses 12% of Entry/Exit Bandwidth Because of Heartbleed - mike-cardwell
https://lists.torproject.org/pipermail/tor-relays/2014-April/004336.html

======
jfasi
> Tor's Bleeding Edge nodes (guards and exits) [1]

Seriously, the choice of Heartbleed as a name is genius. It makes for so many
awesome derivative names. I mean c'mon, "Bleeding Edges?" That's brilliant.

[1] https://encrypted.redteam.net/bleeding_edges/

------
nteon
It's actually pretty impressive that 88% of Tor operators have deployed OpenSSL
updates. Curious how that compares to the web.

~~~
aroch
It's more likely that a lot of them are running unaffected versions of OpenSSL.

~~~
dfc
This makes no sense.

~~~
jessaustin
I don't know that it's _true_, but it's certainly _plausible_ that these
hosts used OpenSSL versions prior to 1.0.1. Many other sites were in the same
position.

~~~
dfc
What about Tor nodes makes them _more likely_ to be running older versions of
OpenSSL than webservers?

~~~
sukuriant
Operator laziness?

People that set up the exit and didn't really look at the machine since then.

------
quasque
Makes me wonder how many malicious nodes on the network might be doing a
reverse Heartbleed attack on vulnerable clients.

It could be an effective way of unmasking the identity of hidden services, if
they happen to have chosen such a node as their entry guard.

------
trhway
Heartbleed seems to be a more plausible answer to how the NSA has cracked Tor
than global whole-Internet-scale input-output analysis. Well, at
least I hope it is so...

~~~
alanpca
Can you provide a source for the NSA cracking Tor?

~~~
alttab
They haven't needed to, they can simply run exit nodes:

"If you actually look in to where these Tor nodes are hosted and how big they
are, some of these nodes cost thousands of dollars each month just to host
because they're using lots of bandwidth, they're heavy-duty servers and so on.
Who would pay for this and be anonymous?"[1]

[1] http://en.wikipedia.org/wiki/Tor_(anonymity_network)#Exit_node_eavesdropping

~~~
oakwhiz
The only other plausible explanation I can think of is that some Tor exit
nodes are running on high-end machines without their owners' consent or
knowledge.

~~~
belorn
Because no one owning, working at or operating an ISP would ever, ever, dream of
sponsoring some cable time to an anonymity network. They might be technical
people whose job it is to work with computer networks, but why would they be
interested in computer network technology? That would be like a technology
company sponsoring an open source project with work hours.

~~~
alttab
I'm fairly certain ISP owners with high-end hardware would not risk their
business running Tor exit nodes.

------
sp332
What's the difference between "!reject" and "not Valid"?

Edit: I'm a Tor noob, I have no idea what a Valid flag does. Why wouldn't it
show up in logs the same way?

~~~
TranceMan
From the article:

> I thought for a while about taking away their Valid flag rather than rejecting
> them outright, but this way they'll get notices in their logs.

------
Torgo
If your node can't be a guard unless it has sufficient uptime and hasn't
shared a name with any other node for six months, where does that put you when
you upgrade your OpenSSL and generate new keys? Now my relay has a different
fingerprint with the same nickname as before, and downtime, so it can't be an
entry point anymore. How many entry points were lost because of this?

