Serious bug in ubiquitous OpenSSL library: "Heartbleed"
Patrick W. Gilmore
patrick at ianai.net
Wed Apr 9 15:31:48 UTC 2014
On Apr 09, 2014, at 11:26, Me <jschiel at flowtools.net> wrote:
> On 04/08/2014 09:46 PM, Rob Seastrom wrote:
>> If that's true, you might want to consider immediately disconnecting
>> your systems from the Internet and never re-connecting them. After
>> all, there's a lot of online unseen code testing your site already
>> whether you like it or not.
>>
>> -r
>>
> Sending someone to a site with obscure TLDs of .io or .lv doesn't help in these situations. This is a perfect opportunity for someone to set up a drive-by site to drop malware on someone's computer.
>
> I'm not saying these sites did that but in order to see the code, someone would have to visit the site first. I personally would use wget instead of a browser for sites like these and did so in this situation.
>
> And yes, your point is not lost on me, there are tons of sites that have obfuscated code and malware running on them, I know that.

In the list of tools were several sites with code you could download, review, and run locally on your machine to test against the bug.

However, I trust some of the sites listed. My new favorite is <https://sslanalyzer.comodoca.com/>, since it takes ports other than 443 and gives back a lot of info.

--
TTFN,
patrick