OpenSSL vuln
der.hans
PLUGd at LuftHans.com
Mon Apr 7 13:57:18 MST 2014
moin moin,
Based on the following page:
OpenSSL heartbeat is enabled even if you're not using it unless you
disabled it at compile time.
The vulnerability has been in place for two years ( version 1.0.1 up until
1.0.1g that was just released ).
It can be exploited to reveal your private key without leaving a trace.
IDS can probably be configured to detect the attack.
http://heartbleed.com/
ciao,
der.hans
--
# http://www.LuftHans.com/ http://www.LuftHans.com/Classes/
# "The first requisite of a good citizen in this republic of ours is that
# he should be able and willing to pull his weight." -- Theodore Roosevelt
More information about the PLUG-discuss
mailing list