[Slackbuilds-users] Cauterizing heartbleed (CVE-2014-0160)
Nick Warne
nick at linicks.net
Sat Apr 12 11:09:49 UTC 2014
I can't get that to work:
~/pacemaker$ python pacemaker.py
File "pacemaker.py", line 1
<!DOCTYPE html>
^
SyntaxError: invalid syntax
Nick
On 12/04/14 12:05, Vincent Batts wrote:
> Haha. I should read all new messages first. <3
> On Apr 12, 2014 3:06 AM, "mancha" <mancha1 at hush.com> wrote:
>
>> B Watson <yalhcru at ...> writes:
>> > On 4/12/14, mancha <mancha1 at ...> wrote:
>> > > After identifying candidates, we can worry about whether the bundled
>> > > or statically-linked OpenSSLs are vulnerable or not.
>> >
>> > Possibly stupid question but I'll ask it anyway. Are clients even
>> > vulnerable? Everything I've seen about heartbleed (and I haven't
>> > really researched in detail either) talks about attacks against
>> > vulnerable servers... is it possible for a malicious server to exploit
>> > an unpatched client?
>> >
>>
>> Heartbeats are basically pings for [D]TLS and they can originate at
>> either the client or server. So, yes, clients are "heartbleedable".
>>
>> In fact, you can use this python script to set up a listener and point
>> your favorite OpenSSL-linked clients (e.g. wget, curl, etc.) at it:
>>
>> https://github.com/Lekensteyn/pacemaker
>>
>> --mancha
>>
>> _______________________________________________
>> SlackBuilds-users mailing list
>> SlackBuilds-users at slackbuilds.org
>> http://lists.slackbuilds.org/mailman/listinfo/slackbuilds-users
>> Archives - http://lists.slackbuilds.org/pipermail/slackbuilds-users/
>> FAQ - http://slackbuilds.org/faq/
>>
>>
>
>
>
> _______________________________________________
> SlackBuilds-users mailing list
> SlackBuilds-users at slackbuilds.org
> http://lists.slackbuilds.org/mailman/listinfo/slackbuilds-users
> Archives - http://lists.slackbuilds.org/pipermail/slackbuilds-users/
> FAQ - http://slackbuilds.org/faq/
>
--
"A bug in the code is worth two in the documentation."
FSF Associate Member 5508
http://linicks.net/
http://pi.linicks.net/
More information about the SlackBuilds-users
mailing list