lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 10 Apr 2014 06:55:43 -0500 From: Ken Connelly <Ken.Connelly@....edu> To: Ronny Lauenstein <Lauenstein@...l.mpg.de>, "fulldisclosure@...lists.org" <fulldisclosure@...lists.org> Subject: Re: [FD] heartbleed OpenSSL bug CVE-2014-0160 There are many forks on github. I grabbed https://gist.github.com/sh1n0b1/10100394 first, then switched to https://gist.github.com/jpicht/10114168 - ken On 4/8/14, 4:18 PM, Ronny Lauenstein wrote: > Exists a mirror of ssltest.py? Site returns 403. > Thx. > > -----Ursprüngliche Nachricht----- > Von: Fulldisclosure [mailto:fulldisclosure-bounces@...lists.org] Im Auftrag von Fraser Scott > Gesendet: Dienstag, 8. April 2014 11:24 > An: fulldisclosure@...lists.org > Betreff: Re: [FD] heartbleed OpenSSL bug CVE-2014-0160 > > This seems to be the best test so far: > > http://s3.jspenguin.org/ssltest.py > > Other tests false-positive on patched versions from what I can see. > > > On 8 April 2014 01:10, Kirils Solovjovs <kirils.solovjovs@...ils.com> wrote: > >> We are doomed. >> >> Description: http://www.openssl.org/news/vulnerabilities.html >> Article dedicated to the bug: http://heartbleed.com/ Tool to check if >> TLS heartbeat extension is supported: >> http://possible.lv/tools/hb/ >> >> A missing bounds check in the handling of the TLS heartbeat extension >> can be used to reveal up to 64kB of memory to a connected client or server. >> >> 1.0.1[ abcdef] affected. >> >> >> P.S. Happy Monday! >> >> _______________________________________________ >> Sent through the Full Disclosure mailing list >> http://nmap.org/mailman/listinfo/fulldisclosure >> Web Archives & RSS: http://seclists.org/fulldisclosure/ >> > _______________________________________________ > Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure > Web Archives & RSS: http://seclists.org/fulldisclosure/ > > _______________________________________________ > Sent through the Full Disclosure mailing list > http://nmap.org/mailman/listinfo/fulldisclosure > Web Archives & RSS: http://seclists.org/fulldisclosure/ -- - Ken ================================================================= Ken Connelly Associate Director, Security and Systems ITS Network Services University of Northern Iowa email: Ken.Connelly@....edu p: (319) 273-5850 f: (319) 273-7373 Any request to divulge your UNI password via e-mail is fraudulent! _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists