Reply To: How about a "Heart Bleed Bug" poll and show talk about it?
Home › Forums › The Show Discussion › How about a "Heart Bleed Bug" poll and show talk about it? › Reply To: How about a "Heart Bleed Bug" poll and show talk about it?
Great poll! I’ll go with choice 2.
I was wondering what the odds of extracting sensitive information using this vulnerability actually were. The company CloudFlare held a contest to determine that. They put up a dummy server at asked people to try to extract its private SSL key. Several people were successful and CloudFlare estimated it would take a dedicated hacker about two hours.
Here’s their blog post about the contest. A lot of information about the techniques hackers used to obtain the key. These guys seem pretty smart.
Another thing I learned is that clients can also be vulnerable, referred to as “reverse heartbleed”.