That's a better test.
On Tue, Apr 8, 2014 at 11:54 AM, Nux! <n...@li.nux.ro> wrote: > On 08.04.2014 18:40, Marcus wrote: >> >> I haven't read up on the actual mechanism, but it basically tricks >> the server process into adding 64k of random memory from its process >> space into the TLS heartbeat payload. That means any documents shared >> over an SSL app, credentials, session keys, and anything else the >> process touches. >> >> Update your mail server as well if it allows TLS connections (do the >> command above to see if TLS server extension "heartbeat" is >> supported). And openvpn if you run VPN servers. > > > Yeah, good thinking about the VPN. > > Also found this https://gist.github.com/takeshixx/10107280 for testing and > it looks like it could actually retrieve sensitive data. Ugly.. > > > > -- > Sent from the Delta quadrant using Borg technology! > > Nux! > www.nux.ro
