Tor (The Onion Router), the internet traffic anonymising service, is bleeding due to the Heartbleed vulnerability, claims a recent report.
According to The Register, some Tor nodes are running vulnerable versions of OpenSSL, which leaves a possibility of exposure on what was thought to be an anonymous platform.
This implies that the platform, which allows anonymous and “secure” transactions within the cyber underground, is also vulnerable because of the flaw in the OpenSSL encryption code.
Roger Dingledine, one of Tor’s co-developers as well as the project’s leader and director, has posted a message to the Tor relays mailing lists that read “If the other directory authority operators follow suit, we’ll lose about 12% of the exit capacity and 12% of the guard capacity.”
“I/we should add to this list as we discover other relays that come online with vulnerable openssl versions,” Dingledine wrote. “Also these are just the relays with Guard and/or Exit flags, so we should add the other 1000+ at some point soon.”
Earlier last week, Tor published a blog post titled “OpenSSL bug CVE-2014-0160” that read “A new OpenSSL vulnerability on 1.0.1 through 1.0.1f is out today, which can be used to reveal memory to a connected client or server,” adding that users of older versions of OpenSSL are safe.
It looks like the Heartbleed bug might have freaked out cybercriminals too, just like everyone else, thanks to Robin Seggelmann.
Tor has at times been a subject of controversy, especially following the revelations of the NSA’s surveillance strategies. Reports circulated stating that the NSA tried to crack Tor’s security, as the project was also used by criminals to disguise their identities.
Recent reports also suggest that the Heartbleed bug is a plausible answer to how the NSA tried to crack Tor’s security. However, the NSA has denied exploiting the Heartbleed bug, stating that it was not aware of the vulnerability until the flaw was disclosed publicly.