On 08.04.2014 18:40, Marcus wrote:
> I haven't read up on the actual mechanism, but it basically tricks
> the server process into adding 64k of random memory from its process
> space into the TLS heartbeat payload. That means any documents shared
> over an SSL app, credentials, session keys, and anything else the
> process touches.
>
> Update your mail server as well if it allows TLS connections (do the
> command above to see if TLS server extension "heartbeat" is
> supported). And openvpn if you run VPN servers.

Yeah, good thinking about the VPN.

Also found this https://gist.github.com/takeshixx/10107280 for testing and it looks like it could actually retrieve sensitive data. Ugly..


--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro
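
The heartbeat behaviour discussed in this message comes down to a missing length check: the responder echoes as many payload bytes as the request's 2-byte length field claims, without comparing that to the bytes actually received. The C sketch below is an added example, not part of the original message and not OpenSSL's code; it follows the RFC 6520 message layout, and all function and sample names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST 1
#define HB_RESPONSE 2
#define HB_HEADER 3       /* type (1 byte) + payload_length (2 bytes) */
#define HB_MIN_PADDING 16 /* minimum padding required by RFC 6520 */

/* Constructed samples: a well-formed request and one whose length field lies. */
static const uint8_t hb_ok[HB_HEADER + 4 + HB_MIN_PADDING] = {HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g'};
static const uint8_t hb_bad[HB_HEADER + HB_MIN_PADDING] = {HB_REQUEST, 0xFF, 0xFF};

/* Payload length as claimed by the sender (big-endian field). */
static size_t hb_claimed_len(const uint8_t *rec) {
    return ((size_t)rec[1] << 8) | rec[2];
}

/* How many bytes an unchecked echo would take from memory beyond the
 * received message. Computed only; nothing is read out of bounds. */
size_t hb_overread_if_unchecked(const uint8_t *rec, size_t rec_len) {
    if (rec_len < HB_HEADER) return 0;
    size_t claimed = hb_claimed_len(rec);
    size_t present = rec_len - HB_HEADER;
    return claimed > present ? claimed - present : 0;
}

/* Checked handler: writes the response into out and returns its length,
 * or -1 when the request must be silently discarded. */
long hb_build_response(const uint8_t *rec, size_t rec_len,
                       uint8_t *out, size_t out_cap) {
    if (rec_len < HB_HEADER + HB_MIN_PADDING) return -1; /* too short to parse */
    if (rec[0] != HB_REQUEST) return -1;
    size_t claimed = hb_claimed_len(rec);
    /* The bounds check: claimed payload must fit in what was received. */
    if (claimed > rec_len - HB_HEADER - HB_MIN_PADDING) return -1;
    size_t resp_len = HB_HEADER + claimed + HB_MIN_PADDING;
    if (resp_len > out_cap) return -1;
    out[0] = HB_RESPONSE;
    out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed);
    memset(out + HB_HEADER + claimed, 0, HB_MIN_PADDING); /* real padding is random */
    return (long)resp_len;
}

int main(void) {
    uint8_t out[64];
    printf("ok=%ld bad=%ld unchecked over-read=%zu bytes\n",
           hb_build_response(hb_ok, sizeof hb_ok, out, sizeof out),
           hb_build_response(hb_bad, sizeof hb_bad, out, sizeof out),
           hb_overread_if_unchecked(hb_bad, sizeof hb_bad));
}
```

The over-read figure for the second sample is close to the "64k" mentioned in the quoted text, since the length field is 16 bits wide.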
