On 2014-04-10 at 01:01 -0700, der.hans wrote: > The bug has been around a ocuple of years, but thus far I haven't seen any > claims that it was being exploited before the announcement went public.
Claims of exploits being detected in November 2013. http://arstechnica.com/security/2014/04/heartbleed-vulnerability-may-have-been-exploited-months-before-patch/ Someone looking at their packet capsure logs showing scans in March 2014: http://www.seacat.mobi/blog/heartbleed So: was known by blackhats, was actively being used, for _months_, which on Internet timescales ... -Phil _______________________________________________ Tech mailing list Tech@lists.lopsa.org https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
