nanog mailing list archives
Re: Serious bug in ubiquitous OpenSSL library: "Heartbleed"
From: "Patrick W. Gilmore" <patrick () ianai net>
Date: Wed, 9 Apr 2014 11:31:48 -0400
On Apr 09, 2014, at 11:26 , Me <jschiel () flowtools net> wrote:
On 04/08/2014 09:46 PM, Rob Seastrom wrote:
If that's true, you might want to consider immediately disconnecting your systems from the Internet and never re-connecting them. After all, theres a lot of online unseen code testing your site already whether you like it or not. -rSending someone to a site with obscure TLDs of .io or .lv doesn't help in these situations. This is a perfect opportunity for someone to set up a drive by site to drop malware on someone's computer. I'm not saying these sites did that but in order to see the code, someone would have to visit the site first. I personally would use wget instead of a browser for sites like these and did so in this situation. And yes, your point is not lost on me, there are tons of sites that have obfuscated code and malware running on them, I know that.
In the list of tools were several sites with code you could download, review, and run locally on your machine to test against the bug. However, I trust some of the sites listed. My new favorite is <https://sslanalyzer.comodoca.com/>, since it takes ports other than 443 and gives back a lot of info. -- TTFN, patrick
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
Current thread:
- Re: Serious bug in ubiquitous OpenSSL library: "Heartbleed", (continued)
- Re: Serious bug in ubiquitous OpenSSL library: "Heartbleed" Me (Apr 08)
- Re: Serious bug in ubiquitous OpenSSL library: "Heartbleed" bmanning (Apr 08)
- Re: Serious bug in ubiquitous OpenSSL library: "Heartbleed" Rob Seastrom (Apr 08)
- Re: Serious bug in ubiquitous OpenSSL library: "Heartbleed" bmanning (Apr 08)
- Re: Serious bug in ubiquitous OpenSSL library: "Heartbleed" jamie rishaw (Apr 08)
- Re: Serious bug in ubiquitous OpenSSL library: "Heartbleed" Matt Palmer (Apr 08)
- Re: Serious bug in ubiquitous OpenSSL library: "Heartbleed" Doug Barton (Apr 08)
- Re: Serious bug in ubiquitous OpenSSL library: "Heartbleed" Valdis . Kletnieks (Apr 09)
- Re: Serious bug in ubiquitous OpenSSL library: "Heartbleed" Jima (Apr 09)
- Re: Serious bug in ubiquitous OpenSSL library: "Heartbleed" Me (Apr 09)
- Re: Serious bug in ubiquitous OpenSSL library: "Heartbleed" Patrick W. Gilmore (Apr 09)
- Re: Serious bug in ubiquitous OpenSSL library: "Heartbleed" Niels Bakker (Apr 09)
- Re: Serious bug in ubiquitous OpenSSL library: "Heartbleed" Me (Apr 09)
- Re: Serious bug in ubiquitous OpenSSL library: "Heartbleed" Niels Bakker (Apr 09)
- Re: Serious bug in ubiquitous OpenSSL library: "Heartbleed" Me (Apr 09)
- Re: Fwd: Serious bug in ubiquitous OpenSSL library: "Heartbleed" Steve Clark (Apr 08)
- Re: Serious bug in ubiquitous OpenSSL library: "Heartbleed" Laszlo Hanyecz (Apr 08)
- Re: Serious bug in ubiquitous OpenSSL library: "Heartbleed" Chris Adams (Apr 08)