Is it traceable with the log files when an (successful) attack occurred? If yes, we could determine whether the vuln has been used by the bad guys before. I'm no expert in dealing with apache log files, so I ask you ;)
On 04/08/14 02:10, Kirils Solovjovs wrote: > We are doomed. > > Description: http://www.openssl.org/news/vulnerabilities.html > Article dedicated to the bug: http://heartbleed.com/ > Tool to check if TLS heartbeat extension is supported: > http://possible.lv/tools/hb/ > > A missing bounds check in the handling of the TLS heartbeat extension > can be used to reveal up to 64kB of memory to a connected client or server. > > 1.0.1[ abcdef] affected. > > > P.S. Happy Monday! > > _______________________________________________ > Sent through the Full Disclosure mailing list > http://nmap.org/mailman/listinfo/fulldisclosure > Web Archives & RSS: http://seclists.org/fulldisclosure/ > -- --\___________________________________________________ ingo.schm...@binarysignals.net - GnuPG ID: 0xAFD687D2 | FP: 7418 77A6 4B59 AF90 4A11 1CCE 91C9 FF1B AFD6 87D2 | _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
