
8 Apr
2014
11:24 p.m.
I just came across Heartbleed. It's a painful CVE. Upgrade time if you have software that offers SSL/TLS using OpenSSL.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
https://www.mattslifebytes.com/?p=533
https://www.michael-p-davis.com/using-heartbleed-for-hijacking-user-sessions...

Scanning a subset of popular KE sites shows that most are not vulnerable thanks to IIS/OWA. However, a few .go.ke and .co.ke SSL sites are leaking website code, cookies and, god forbid, private keys.

Cheers,
Laban