On Thu, Apr 10, 2014 at 11:41:48AM -0500, andrew mcelroy wrote: > I wish I had seen this sooner, but it's a useful tool > http://filippo.io/Heartbleed/
Sure. If you like the idea of submitting possibly vulnerable sites to some completely random .io domain that may well be snarfing creds and keys. There exist multiple working detectors on the net that are a simple google away that you can run yourself after looking the code over. Jared Stafford's can be found at: http://stuff.gerdesas.com/heartbleed/detector.py Using such tools narrows down the threat surface; granted not much, but something is better than nothing. John -- Among the many lessons that I've learned from this whole experience is to try to speak a little bit less. -- Former Illinois Governor Rod R. Blagojevich, after being convicted of 17 counts in a corruption case, New York Times, 28 June 2011
pgpMZ8gVMSeWc.pgp
Description: PGP signature
