Full Disclosure mailing list archives
Re: heartbleed OpenSSL bug CVE-2014-0160
From: Brandon Perry <bperry.volatile () gmail com>
Date: Wed, 9 Apr 2014 14:56:17 -0500
I have seen people pull private keys off of FreeBSD 9.1 machines. https://twitter.com/1njected/status/453797877672706048 On Wed, Apr 9, 2014 at 2:52 PM, Jeremy Voorhis <jvoorhis () gmail com> wrote:
I just read an article titled "Why heartbleed doesn't leak the private key" and the claim seems irresponsible and overly broad. Can anyone comment on his analysis? http://blog.erratasec.com/2014/04/why-heartbleed-doesnt-leak-private-key.html#.U0WjNK1dWBg On Mon, Apr 7, 2014 at 5:10 PM, Kirils Solovjovs < kirils.solovjovs () kirils com> wrote:We are doomed. Description: http://www.openssl.org/news/vulnerabilities.html Article dedicated to the bug: http://heartbleed.com/ Tool to check if TLS heartbeat extension is supported: http://possible.lv/tools/hb/ A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64kB of memory to a connected client orserver.1.0.1[ abcdef] affected. P.S. Happy Monday! _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/-- Jeremy Voorhis _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
-- http://volatile-minds.blogspot.com -- blog http://www.volatileminds.net -- website _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Re: heartbleed OpenSSL bug CVE-2014-0160, (continued)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Ken Connelly (Apr 10)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Justin Bull (Apr 08)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Fabien Bourdaire (Apr 09)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Reindl Harald (Apr 09)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Juergen Christoffel (Apr 09)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Reindl Harald (Apr 10)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Reindl Harald (Apr 11)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Seth Arnold (Apr 11)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Reindl Harald (Apr 09)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Brandon Perry (Apr 09)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Aidan Thornton (Apr 09)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Coderaptor (Apr 09)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Jann Horn (Apr 10)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Brandon Perry (Apr 10)
- Re: heartbleed OpenSSL bug CVE-2014-0160 David Tomaschik (Apr 10)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Ivan .Heca (Apr 10)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Michal Zalewski (Apr 10)