Heartbleed Blows the Lid Off of Tor's Privacy
"The Heartbleed bug basically allows anyone to obtain traffic coming in and out of Tor exit nodes (given that the actual connection that is run over Tor is not encrypted itself),” Mulliner explained. “Of course a malicious party could run a Tor exit node and inspect all the traffic that passes through it, but this requires running a Tor node in the first place. Using the Heartbleed bug, anyone can query vulnerable exit nodes to obtain Tor exit traffic.”