Looks like issues.apache.org is ok.
On Tue, Apr 8, 2014 at 12:34 PM, Marcus <shadow...@gmail.com> wrote: > That's a better test. > > On Tue, Apr 8, 2014 at 11:54 AM, Nux! <n...@li.nux.ro> wrote: >> On 08.04.2014 18:40, Marcus wrote: >>> >>> I haven't read up on the actual mechanism, but it basically tricks >>> the server process into adding 64k of random memory from its process >>> space into the TLS heartbeat payload. That means any documents shared >>> over an SSL app, credentials, session keys, and anything else the >>> process touches. >>> >>> Update your mail server as well if it allows TLS connections (do the >>> command above to see if TLS server extension "heartbeat" is >>> supported). And openvpn if you run VPN servers. >> >> >> Yeah, good thinking about the VPN. >> >> Also found this https://gist.github.com/takeshixx/10107280 for testing and >> it looks like it could actually retrieve sensitive data. Ugly.. >> >> >> >> -- >> Sent from the Delta quadrant using Borg technology! >> >> Nux! >> www.nux.ro
