Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)

To: debian-user@lists.debian.org
Subject: Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)
From: Curt <curty@free.fr>
Date: Mon, 14 Apr 2014 09:49:40 +0000 (UTC)
Message-id: <[🔎] slrnlknbmn.2k5.curty@einstein.electron.org>
References: <[🔎] 1397328483.609.19.camel@archlinux> <[🔎] 1397329416.609.20.camel@archlinux> <[🔎] 1397331077.609.28.camel@archlinux> <[🔎] CAAr43iM_yExKxuk=-qZ0d7miPDqkiL_0jgWTHp0SBNBYf_O4UA@mail.gmail.com> <[🔎] 1397407039.609.61.camel@archlinux> <[🔎] 20140414030313.GA9681@tal> <[🔎] 534B8648.1000604@hardwarefreak.com> <[🔎] 534BA72B.8010609@walnut.gen.nz>

On 2014-04-14, Richard Hector <richard@walnut.gen.nz> wrote:
>
> This one, on the other hand, was generally not predicted, and was widely
> exploited before people got a chance to fix it. That's presumably still
> going on.

Widely exploited?

http://en.wikipedia.org/wiki/Heartbleed

Possible exploitation prior to disclosure 

 Many major web sites patched or disabled the bug within days of 
 its announcement,[30] but it is unclear whether potential attackers were aware of 
 it earlier and to what extent it was exploited. Based on examinations of audit logs 
 by researchers, it has been reported that some attackers may have exploited the 
 flaw for at least five months before discovery and announcement.[31][32] Errata 
 Security has partially rejected this hypothesis,[33] whereas the Department of 
 Homeland Security believes that as of April 11, "there have not been any reported 
 attacks or malicious incidents involving this particular vulnerability confirmed".

Reply to:

Follow-Ups:
- Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)
  - From: Richard Hector <richard@walnut.gen.nz>
- Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)
  - From: Scott Ferguson <scott.ferguson.debian.user@gmail.com>

References:
- My fellow (Debian) Linux users ...
  - From: Ralf Mardorf <ralf.mardorf@rocketmail.com>
- Re: My fellow (Debian) Linux users ...
  - From: Ralf Mardorf <ralf.mardorf@alice-dsl.net>
- Re: My fellow (Debian) Linux users ...
  - From: Ralf Mardorf <ralf.mardorf@rocketmail.com>
- Re: My fellow (Debian) Linux users ...
  - From: Joel Rees <joel.rees@gmail.com>
- Re: My fellow (Debian) Linux users ...
  - From: Ralf Mardorf <ralf.mardorf@rocketmail.com>
- Heartbleed (was ... Re: My fellow (Debian) Linux users ...)
  - From: Chris Bannister <cbannister@slingshot.co.nz>
- Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)
  - From: Stan Hoeppner <stan@hardwarefreak.com>
- Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)
  - From: Richard Hector <richard@walnut.gen.nz>

Prev by Date: Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)
Next by Date: Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)
Previous by thread: Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)
Next by thread: Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)
Index(es):
- Date
- Thread