I haven't read up on the actual mechanism, but it basically tricks the server process into adding 64k of random memory from its process space into the TLS heartbeat payload. That means any documents shared over an SSL app, credentials, session keys, and anything else the process touches.
Update your mail server as well if it allows TLS connections (do the command above to see if TLS server extension "heartbeat" is supported). And openvpn if you run VPN servers. On Tue, Apr 8, 2014 at 11:31 AM, Nux! <n...@li.nux.ro> wrote: > On 08.04.2014 18:24, Marcus wrote: >> >> For anyone who doesn't know, this is nightmare. People on tech sites >> are scraping logins from each other and posting comments as other >> users just to show they can, it's pretty powerful to be able to grab >> random memory from a process using OpenSSL. > > > How exactly does this happen? Do you know? For now I was just concerned > someone would get my SSL key for my site and so on. > > > Lucian > > -- > Sent from the Delta quadrant using Borg technology! > > Nux! > www.nux.ro
