On 13/04/14 23:43, Curt wrote:
> On 2014-04-13, Eduardo M KALINOWSKI <[email protected]> wrote:
>> On 20h20 12 de Abril de 2014, Steve Litt wrote:
>>> I'm changing every password: That's about 100 of them.
>>
>> That's a good thing to do, but only after the server has patched
>> openssl and changed its certificate. Otherwise someone could have
>> captured the private key and other information that could be used to
>> eavesdrop your newly changed password.
>
> This online tester:
>
> http://possible.lv/tools/hb/
>
> provides this sort of output in the critical case:

I have 2 significant issues with all these online testers. Firstly, they generally actively exploit the bug, which is probably illegal in most jurisdictions - at least if you're using it on a server that isn't yours.

Secondly - do you know who runs it? I don't. If I wanted to harvest a bunch of potentially vulnerable sites, setting up a test site is how I'd do it ...

Richard

