Higher education institutes are too.
http://filippo.io/Heartbleed


On Wed, Apr 9, 2014 at 9:47 AM, ty <tyruskam@gmail.com> wrote:
It's worrying most financial institutions too are vulnerable. Very worrying.


On Wed, Apr 9, 2014 at 10:32 AM, Haggai Nyang <haggai.nyang@gmail.com> wrote:
Using the Chromebleed extension...



On Wed, Apr 9, 2014 at 12:51 AM, Laban Mwangi <lmwangi@gmail.com> wrote:
This bug is super bad. It's a trivial exercise to modify the given PoC to dump memory of a vulnerable server continuously. You might be able to view:
 - x509 certs,
 - RSA key material,
 - Server side code & server side configs,
 - Browser UA for other visitors,
 - Session IDs for other visitors.


On Tue, Apr 8, 2014 at 10:24 PM, Laban Mwangi <lmwangi@gmail.com> wrote:
I just came across Heartbleed. It's a painful CVE. Upgrade time if you have software that offers SSL/TLS using OpenSSL.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
https://www.mattslifebytes.com/?p=533
https://www.michael-p-davis.com/using-heartbleed-for-hijacking-user-sessions/


Scanning a subset of popular KE sites shows that most are not vulnerable thanks to IIS/OWA. However, a few .go.ke and .co.ke SSL sites are leaking website code, cookies and, god forbid, private keys.

Cheers,
Laban


_______________________________________________
skunkworks mailing list
skunkworks@lists.my.co.ke
------------
List info, subscribe/unsubscribe
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------

Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke

