On 04/11/2014 06:52 AM, Greg Freemyer wrote:
Still I haven't heard about any real misuse of this bug. Are there any examples of compromised servers etc.? Between the announcement of the vulnerability and the roll-out of the
On Fri, Apr 11, 2014 at 9:38 AM, Vojtěch Zeisek <vojtech.zeisek@opensuse.org> wrote: patches, absolutely.
Security teams immediately put up traffic sniffers and watched their clients passwords, credit card numbers etc. flying out the door. They also saw the SSL private security keys flying out.
Did you find references for actual in-the-wild exploitation, Greg? I found some references to testing scenarios, but not actual data exfiltrations. This link from EFF thinks the only confirmed exploit kind of smells like an intelligence agency: https://www.eff.org/deeplinks/2014/04/wild-heart-were-intelligence-agencies-... http://tinyurl.com/lzez3sm Regards, Lew -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org