2014/04/09

The OpenSSL HeartBleed Vulnerability Hits Hard

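The recently disclosed OpenSSL HeartBleed vulnerability (known in Chinese as 心脏滴血, "heart dripping blood") is serious; even yahoo.com was used as the demonstration site for PoC attacks. Yahoo appears to have fixed it by the time of this post, but checking the top 1000... sites shows that quite a few are still affected. The ssltest Python script is easy to find, so I won't post it here. Note that these scripts only report whether a host is vulnerable and do not display the message content, though of course that is simple too. Right now attackers and defenders are racing against every second, and I think some of the sites dealing in bitcoin really should be careful...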

INSECURE - bitcurex.com:443 has the heartbeat extension enabled and is vulnerable
INSECURE - localbitcoins.com:443 has the heartbeat extension enabled and is vulnerable
INSECURE - vip.btcchina.com:443 has the heartbeat extension enabled and is vulnerable
INSECURE - www.bitfinex.com:443 has the heartbeat extension enabled and is vulnerable
INSECURE - www.bitgo.com:443 has the heartbeat extension enabled and is vulnerable
INSECURE - www.bitstamp.net:443 has the heartbeat extension enabled and is vulnerable
INSECURE - www.cryptsy.com:443 has the heartbeat extension enabled and is vulnerable
INSECURE - www.virwox.com:443 has the heartbeat extension enabled and is vulnerable



OpenSSL HeartBleed bug
http://heartbleed.com/

Online heartbleed test
http://possible.lv/tools/hb/
http://filippo.io/Heartbleed/
https://www.ssllabs.com/ssltest/


