Interesting. Could this be a part of what the leaked documents were referring to as "groundbreaking capabilities" a few months back?
http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?pagewanted=4&_r=1&hp https://www.eff.org/document/2013-09-05-guard-bullrun On Sat, Apr 12, 2014 at 3:32 AM, Jesse Victors <jvict...@jessevictors.com>wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > > Saw this article: > > http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html > > "The U.S. National Security Agency knew for at least two years about a > flaw in the way that many websites send sensitive information, now > dubbed the Heartbleed bug, and regularly used it to gather critical > intelligence, two people familiar with the matter said. The NSA said in > response to a Bloomberg News article that it wasn?t aware of Heartbleed > until the vulnerability was made public by a private security report. > The agency?s reported decision to keep the bug secret in pursuit of > national security interests threatens to renew the rancorous debate over > the role of the government?s top computer experts." > > Thanks NSA, glad you've got our backs there. > > If you run a relay and you have been on one of the affected versions of > OpenSSL, I would urge you to STRONGLY CONSIDER your relay compromised. > Delete your keys per the recommendations and let Tor generate new ones. > It's better to cripple the network temporarily while we come back from > this, rather than preserving the uptime with possibly compromised keys. > Security matters here. Please follow the best practice recommendations. > If you run a web server, rekey your SSL certificates. Basically, if you > were affected, consider encryption to have been bypassed and passwords > and other sensitive information compromised. We cannot afford to take > chances here. If the NSA knew it, you can also bet that someone else > with a good static analyzer discovered it as well, I'll let you imagine > one. > > Good luck out there everyone, we really need to revoke our keys if we > were affected. Seriously, guys. It's worth it. > > On a lighter note, https://xkcd.com/1354/ > > Stay safe. Live long and prosper. > Jesse V. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.14 (GNU/Linux) > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQF8BAEBCgBmBQJTSImHXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w > ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQxMjgyMjhENjEyODQ1OTU1NzBCMjgwRkFB > RDk3MzY0RkMyMEJFQzgwAAoJEK2XNk/CC+yA0nIIAKj1lOXRGcwMFd39CxjnymSN > FVzrPUa/JomCJHqW/A0xSFdxbVAZIvio6C1phuWHmiiDKhsBuBGwLNzXQMGFltaw > BnaTO1lLCvvSbEdmXPg12hR3YqR1d5D7Xnb0iTlSfrjZ7gGDEsXoJG3pU/V/RCFo > IOEqxfZtVcI3DdrImlwcR6gPw6ip9JlTo49w8ncy6/K4cHED2liCQ13JvWjaQzSl > uB06eWNsNo1IhPCKkZ7gFzharhN/4kAQrytC+ZcTmIrXdPrsd1lUaVICHWK9AEon > sciDu5lI77srXWwt77YVAKw6Jrls41N3USgvKBSrxZhfBVQlCPOmoXtTHdwbhks= > =pmBQ > -----END PGP SIGNATURE----- > > _______________________________________________ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays