[kwlug-disc] Heartbleed affected sites

Khalid Baheyeldin kb at 2bits.com
Tue Apr 15 10:05:00 EDT 2014


On Tue, Apr 15, 2014 at 9:50 AM, John Johnson <jvj at golden.net> wrote:

> On 2014-04-15 09:20, Khalid Baheyeldin wrote:
>
>> We are currently going through the painstaking process of analyzing other
>> fragments of data, some that may relate to businesses, that were also
>> removed."
>>
>
> Given the sheer volume of data that is flowing in the tubes, I would
> suggest that this would be much like looking for a particular cup of water
> in the Great Lakes.
> And that any investigation or analysis would have to be executed on an
> exception basis as opposed to continuous.
>

Not necessarily.

If they know the finger print then they can look in the vast hoard of data
that they collected previously, and filter on these. Any network analyzer
has such a feature built in, be it WireShark or proprietary commercial
products.

And the fact that Heartbleed repeated reads 64k chunks of memory makes it
possible to target only those specific attacks.
-- 
Khalid M. Baheyeldin
2bits.com, Inc.
Fast Reliable Drupal
Drupal optimization, development, customization and consulting.
Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
Simplicity is the ultimate sophistication. --   Leonardo da Vinci
For every complex problem, there is an answer that is clear, simple, and
wrong." -- H.L. Mencken
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20140415/f2bf967d/attachment.html>


More information about the kwlug-disc mailing list