| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 10 Apr 2014 19:20:33 +0200 From: Ingo Schmitt <ingo.schmitt@...arysignals.net> To: fulldisclosure@...lists.org Subject: Re: [FD] heartbleed OpenSSL bug CVE-2014-0160 Is it traceable with the log files when an (successful) attack occurred? If yes, we could determine whether the vuln has been used by the bad guys before. I'm no expert in dealing with apache log files, so I ask you ;) On 04/08/14 02:10, Kirils Solovjovs wrote: > We are doomed. > > Description: http://www.openssl.org/news/vulnerabilities.html > Article dedicated to the bug: http://heartbleed.com/ > Tool to check if TLS heartbeat extension is supported: > http://possible.lv/tools/hb/ > > A missing bounds check in the handling of the TLS heartbeat extension > can be used to reveal up to 64kB of memory to a connected client or server. > > 1.0.1[ abcdef] affected. > > > P.S. Happy Monday! > > _______________________________________________ > Sent through the Full Disclosure mailing list > http://nmap.org/mailman/listinfo/fulldisclosure > Web Archives & RSS: http://seclists.org/fulldisclosure/ > -- --\___________________________________________________ ingo.schmitt@...arysignals.net - GnuPG ID: 0xAFD687D2 | FP: 7418 77A6 4B59 AF90 4A11 1CCE 91C9 FF1B AFD6 87D2 | _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists