This is pretty nice: https://lastpass.com/heartbleed/ They seem to even have historic data for some sites' certificates.
On 10 April 2014 11:02, Reindl Harald <h.rei...@thelounge.net> wrote:

> On 10.04.2014 at 00:32, Craig Holmes wrote:
> > On April 8, 2014 10:21:34 AM Matthew Musingo wrote:
> >> Even if your systems were patched an attacker could have already attained
> >> the secrets.
> >>
> >> Certs and other sensitive information need to be reconsidered for
> >> replacement or changed
> > How realistic is it that an attacker would be able to glean passwords through
> > this vulnerability? Programmatically searching through 64k memory dumps for
> > certificates seems plausible, but looking for passwords does not. A password is
> > of no pre-determined length or format. So unless you know what strings are
> > wrapped around it (and those strings are reliably presented), isn't the loss
> > of some types of sensitive information.... unlikely?
>
> it is very realistic and already happened
>
> Anonymous Austria yesterday posted about online banking transactions
> with screenshots of the data-dumps, webmail-accounts and so on
> over many hours and for a short timeframe there were even folders
> with thousands of such dumps online
>
> _______________________________________________
> Sent through the Full Disclosure mailing list
> http://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/