DO NOT USE TOR RIGHT NOW. HEARTBLEED IS AFFECTING ALL THE TOR CLIENTS AND ALL THE TOR USERS!!!!

https://blog.torproject.org/blog/openssl-bug-cve-2014-0160

Do not use Tor right now. The gaping hole in OpenSSL affects Tor too. Wait a few weeks, then download a new version.

See the link above.

If you run a hidden service, turn it off if you can, since it can leak information.

THIS IS IMPORTANT.

edit:

A good note by klahaya: if you have Tails version of Tor, it's OK, since it uses an old OpenSSL version.

However, I wouldn't bet on all the hidden services being safe.


Comments


[25 Points] LennyShelby__:

New browser bundle to fix this already released.

https://blog.torproject.org/blog/tor-browser-354-released

Still, be cautious as the hidden service you use can leak information.


[14 Points] throwaway123456z:

Kinda confused on everything that's happening. I'm not too savvy on security and I just hop on and off the markets every once in a while. Can anyone give me (and anyone else who doesn't really understand) a run down on these stuff? And if we download the update, would it be good to use? What exactly are hidden service?


[3 Points] klahaya:

Tails is still tracking Debian oldstable, so it should not be affected by this bug.

So using Tor through Tails is safe?


[3 Points] 13tom13:

is it worth changing passwords and pgp keys even if i use them nowhere else and have no btc in any market? might just make new account when i download the new version of tor someone needs to do an advice thread for users and vendors


[2 Points] sisko7:

You could also recompile OpenSSL and then compile Tor yourself.

Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.


[2 Points] None:

[deleted]


[1 Points] None:

Looks like I'm changing my passwords


[1 Points] 13tom13:

http://motherboard.vice.com/en_us/read/tor-if-you-want-privacy-or-anonymity-stay-off-the-internet-this-week?utm_source=motherboard


[1 Points] oVerde:

I don't understand, how someone could change passwords staying outside of TOR at the same time


[-12 Points] aalewis____:

Oh well at least I managed to get a shitload of login info.
and guys update your tor binaries if you have the standalone version for torchat/pidgin/multibit or some other shit.