Reply To: How about a "Heart Bleed Bug" poll and show talk about it?


#2211
Christian
Participant

Great poll! I’ll go with choice 2.

I was wondering what the odds of extracting sensitive information using this vulnerability actually were. The company CloudFlare held a contest to determine that. They put up a dummy server and asked people to try to extract its private SSL key. Several people were successful and CloudFlare estimated it would take a dedicated hacker about two hours.

Here’s their blog post about the contest. A lot of information about the techniques hackers used to obtain the key. These guys seem pretty smart.
http://blog.cloudflare.com/the-heartbleed-aftermath-all-cloudflare-certificates-revoked-and-reissued

Another thing I learned is that clients can also be vulnerable, referred to as “reverse heartbleed”.