nanog mailing list archives

Re: Serious bug in ubiquitous OpenSSL library: "Heartbleed"


From: "Patrick W. Gilmore" <patrick () ianai net>
Date: Wed, 9 Apr 2014 11:31:48 -0400

On Apr 09, 2014, at 11:26 , Me <jschiel () flowtools net> wrote:
On 04/08/2014 09:46 PM, Rob Seastrom wrote:

If that's true, you might want to consider immediately disconnecting
your systems from the Internet and never re-connecting them.  After
all, there's a lot of online unseen code testing your site already
whether you like it or not.

-r

Sending someone to a site with obscure TLDs of .io or .lv doesn't help in these situations. This is a perfect 
opportunity for someone to set up a drive-by site to drop malware on someone's computer.

I'm not saying these sites did that but in order to see the code, someone would have to visit the site first. I 
personally would use wget instead of a browser for sites like these and did so in this situation.

And yes, your point is not lost on me, there are tons of sites that have obfuscated code and malware running on them, 
I know that.

In the list of tools were several sites with code you could download, review, and run locally on your machine to test 
against the bug.

However, I trust some of the sites listed. My new favorite is <https://sslanalyzer.comodoca.com/>, since it takes ports 
other than 443 and gives back a lot of info.

-- 
TTFN,
patrick

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

