On Fri, Apr 11, 2014 at 03:27:12PM +0200, Emanuele Balla (aka Skull) wrote:
> > Anyway, I don't want to be misunderstood: I'm not saying the matter isn't
> > serious, only that the equation
> >
> > Heartbleed == private key leak
> >
> > is not true.
>
> On that subject:
>
> http://blog.cloudflare.com/answering-the-critical-question-can-you-get-private-ssl-keys-using-heartbleed

And, a few hours later..

"The Heartbleed Challenge

Can you steal the keys from this server?

Has the challenge been solved yet? YES

So far, two people have independently solved the Heartbleed Challenge.

The first was submitted at 4:22:01PST by Fedor Indutny (@indutny). He sent at least 2.5 million requests over the span of the challenge, this was approximately 30% of all the requests we saw. The second was submitted at 5:12:19PST by Ilkka Mattila of NCSC-FI using around 100 thousand requests.

We confirmed that both of these individuals have the private key and that it was obtained through Heartbleed exploits. We rebooted the server at 3:08PST, which may have contributed to the key being available in memory, but we can't be certain.

This server is running nginx-1.5.13 linked against OpenSSL 1.0.1.f on Ubuntu 13.10 x86_64. It is vulnerable to Heartbleed. Can you get the secret key?
[..]"

just in case anyone still had doubts..

https://www.cloudflarechallenge.com/heartbleed

bye,
K.
________________________________________________________ http://www.sikurezza.org - Italian Security Mailing List
