Serious bug in ubiquitous OpenSSL library: "Heartbleed"

Patrick W. Gilmore patrick at
Wed Apr 9 15:31:48 UTC 2014

On Apr 09, 2014, at 11:26 , Me <jschiel at> wrote:
> On 04/08/2014 09:46 PM, Rob Seastrom wrote:

>> If that's true, you might want to consider immediately disconnecting
>> your systems from the Internet and never re-connecting them.  After
>> all, theres a lot of online unseen code testing your site already
>> whether you like it or not.
>> -r
> Sending someone to a site with obscure TLDs of .io or .lv doesn't help in these situations. This is a perfect opportunity for someone to set up a drive by site to drop malware on someone's computer.
> I'm not saying these sites did that but in order to see the code, someone would have to visit the site first. I personally would use wget instead of a browser for sites like these and did so in this situation.
> And yes, your point is not lost on me, there are tons of sites that have obfuscated code and malware running on them, I know that.

In the list of tools were several sites with code you could download, review, and run locally on your machine to test against the bug.

However, I trust some of the sites listed. My new favorite is <>, since it takes ports other than 443 and gives back a lot of info.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 535 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <>

More information about the NANOG mailing list