oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160

From: Donald Stufft <donald () stufft io>
Date: Tue, 8 Apr 2014 16:27:27 -0400

On Apr 8, 2014, at 3:37 PM, Yves-Alexis Perez <corsac () debian org> wrote:


 (for example, I'm still unsure how easy
it really is to find some valuable data in those 64kB of process heap
memory).


Real easy, here’s a Python script which looks for cookies https://gist.github.com/mitsuhiko/10130454

-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

Previous By Date Next
Previous By Thread Next

Current thread: