Re: Heartbleed and OpenSSL

IWETHEY v. 0.3.0 | TODO

1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User

Welcome to IWETHEY!

Post #388,321 by pwhysall 4/8/14 5:52:36 PM Reply	Re: Heartbleed and OpenSSL https://github.com/m...aster/top1000.txt Check that list. Change your password if you have an account on a vulnerable host.
Post #388,344 by Another Scott 4/9/14 8:24:36 AM Reply	#1353 http://xkcd.com/1353/ Cheers, Scott.
Post #388,347 by mmoffitt 4/9/14 8:43:36 AM Reply	:0)
Post #388,354 by drook 4/9/14 11:12:36 AM Reply	Well dammit -- Drew
Post #388,389 by scoenye 4/9/14 6:42:50 PM Reply	It is even more fun than that This works both ways. A malicious server can extract the memory of any client using vulnerable OpenSSL versions. How long before all those will be patched, especially the statically linked stuff?... https://tools.ietf.o...ml/rfc6520#page-5 Each endpoint sends HeartbeatRequest messages at a rate and with the padding required for the particular use case. The endpoint should not expect its peer to send HeartbeatRequests. The directions are independent.
Post #388,395 by folkert 4/10/14 1:53:52 AM Reply	Look for "pacemaker" as related to heartbleed... Oh yeah, this is going to be fun. -- greg@gregfolkert.net "No snowflake in an avalanche ever feels responsible." --Stanislaw Jerzy Lec
Post #388,393 by folkert 4/10/14 1:47:49 AM Reply	Amazing... I don't have any accounts on any of the Vulnerable websites. I guess being apathetic to most of them is a good thing. -- greg@gregfolkert.net "No snowflake in an avalanche ever feels responsible." --Stanislaw Jerzy Lec

Heartbleed and OpenSSL - (folkert) - (27) - April 8, 2014, 10:09:41 AM EDT

Re: Heartbleed and OpenSSL - (pwhysall) - (6) - April 8, 2014, 05:52:36 PM EDT

#1353 - (Another Scott) - (1) - April 9, 2014, 08:24:36 AM EDT

:0) -NT - (mmoffitt) - April 9, 2014, 08:43:36 AM EDT

Well dammit -NT - (drook) - April 9, 2014, 11:12:36 AM EDT

It is even more fun than that - (scoenye) - (1) - April 9, 2014, 06:42:50 PM EDT

Look for "pacemaker" as related to heartbleed... - (folkert) - April 10, 2014, 01:53:52 AM EDT

Amazing... - (folkert) - April 10, 2014, 01:47:49 AM EDT

It now has its own website.. - (Ashton) - (2) - April 9, 2014, 04:50:04 PM EDT

Most damning point IMO - (drook) - (1) - April 9, 2014, 05:01:17 PM EDT

Yes... this. ^^^ -NT - (folkert) - April 10, 2014, 01:52:43 AM EDT

XKCD is cool today - (drook) - (1) - April 11, 2014, 01:34:52 PM EDT

wow - (crazy) - April 11, 2014, 01:50:42 PM EDT

SJMN: White House and NSA deny they knew about it. - (Another Scott) - (10) - April 11, 2014, 09:31:33 PM EDT

Re: SJMN: White House and NSA deny they knew about it. - (pwhysall) - (9) - April 14, 2014, 07:29:44 AM EDT

I find this comment at Wonkette plausible. - (Another Scott) - (4) - April 14, 2014, 08:04:31 AM EDT

Note the followup if you use Chrome. - (Another Scott) - (3) - April 14, 2014, 08:56:04 AM EDT

So Google doesn't understand the implications of... - (a6l6e6x) - (2) - April 14, 2014, 12:18:46 PM EDT

Deliberately turned off as of 2012 - (scoenye) - (1) - April 15, 2014, 06:44:12 PM EDT

I wonder if "Lifelock" is getting a spike in business... :-( -NT - (Another Scott) - April 15, 2014, 07:19:35 PM EDT

Hola Peter.. Query: - (Ashton) - (3) - April 14, 2014, 08:18:39 PM EDT

Re: Hola Peter.. Query: - (pwhysall) - (2) - April 15, 2014, 03:42:33 AM EDT

hehe. -NT - (Another Scott) - April 15, 2014, 08:27:48 AM EDT

No they wouldn't ... they've got Policies -NT - (drook) - April 15, 2014, 08:37:53 AM EDT

And it's exactly as bad as stated. - (pwhysall) - (2) - April 14, 2014, 07:36:53 AM EDT

Damn! - (a6l6e6x) - April 14, 2014, 12:33:20 PM EDT

Irony. - (static) - April 15, 2014, 10:32:00 PM EDT

Possible nasty side effect on Debian if OpenSWAN is used - (scoenye) - April 15, 2014, 07:05:35 PM EDT

That was never five minutes!
137 ms