2014-04-16 15:04 GMT+02:00 Alexandr Ciornii <alexcho...@gmail.com>:

> A specially created server (
> http://blog.meldium.com/home/2014/4/10/testing-for-reverse-heartbleed
> , in Russian: http://www.xakep.ru/post/62350/default.asp ) can send
> similar request to client. But such attack has low probability.
>

It is not recommended to use such online services. Some really try to
capture as much as they can from your system.

Instead, use an open source offline solution that you run yourself for your
machine : pacemaker.
https://github.com/Lekensteyn/pacemaker

I verified that openssl bundled with StrawberryPerl 5.18.2.1 is vulnerable.
You can reproduce it like this (while pacemaker.py is running):
C:\strawberry\c\bin\openssl s_client -connect 127.0.0.1:4433

Reply via email to