Advisory: remote DoS when using Tor with recent OpenSSL versions built with the "no-ssl3" option
This is a copy of the message Nick Mathewson sent to the tor-talk &
New SSLv3 attack found: Disable SSLv3 in TorBrowser
nickm
October 14, 2014
Hi! It's a new month, so that means there's a new attack on TLS.
What the "Spoiled Onions" paper means for Tor users
Together with Stefan, I recently published the paper "Spoiled Onions: Exposing Malicious Tor Exit Relays".
Tor and the BEAST SSL attack
Today, Juliano Rizzo and Thai Duong presented a new attack on TLS <= 1.0 at the Ekoparty security conference in Buenos Aires.
The MD5 certificate collision attack, and what it means for Tor
Today, a team of security researchers and cryptographers gave a talk at the 25th Chaos Communication Congress (25C3), about a