Personal computing discussed
Moderators: askfranklin, renee, emkubed, Captain Ned
HEARTBEATING
write to 0x1df0a70 [0x1dfa5a3] (85 bytes => 85 (0x55))
0000 - 18 03 02 00 50 e9 dc 8d-92 98 ad 4d 73 85 f4 cf ....P......Ms...
0010 - a1 98 9f 62 7e 48 75 c1-6a ff 8b 81 f9 1c 07 a5 ...b~Hu.j.......
0020 - 8e 37 d7 cf 85 f9 45 d2-db 3d cd cd 11 51 3b 44 .7....E..=...Q;D
0030 - fc 09 d6 80 5c eb f3 18-ca 0d 51 0b 40 bb 0a 95 ....\.....Q.@...
0040 - a2 ae 4c c2 3e ae 29 22-f5 a2 df 4f d5 18 0f 71 ..L.>.)"...O...q
0050 - 56 d2 81 29 08 V..).
read from 0x1df0a70 [0x1df6053] (5 bytes => 5 (0x5))
0000 - 18 03 02 00 50 ....P
read from 0x1df0a70 [0x1df6058] (80 bytes => 80 (0x50))
0000 - 8e c4 b2 72 4d 3a 39 ca-ab 83 02 c4 1a 6f dc 10 ...rM:9......o..
0010 - 5d eb 31 77 a6 fa cd 54-27 42 b6 51 9d 1a 3f 57 ].1w...T'B.Q..?W
0020 - e9 0f 6b 2f 28 08 9f b5-0d 9c 49 e9 50 9a 28 67 ..k/(.....I.P.(g
0030 - 70 9a f4 6b a4 46 cf ab-3e 8c 5f c0 b1 50 72 a6 p..k.F..>._..Pr.
0040 - d7 28 92 05 96 ba 27 ee-d4 b6 64 7e d3 17 c2 64 .(....'...d~...d
read R BLOCK
bthylafh wrote:I'm not an SSL expert, but this appears to be legit:
https://blog.ipredator.se/2014/04/how-t ... leeds.html
My results when running the command:Code: Select allHEARTBEATING
write to 0x1df0a70 [0x1dfa5a3] (85 bytes => 85 (0x55))
0000 - 18 03 02 00 50 e9 dc 8d-92 98 ad 4d 73 85 f4 cf ....P......Ms...
0010 - a1 98 9f 62 7e 48 75 c1-6a ff 8b 81 f9 1c 07 a5 ...b~Hu.j.......
0020 - 8e 37 d7 cf 85 f9 45 d2-db 3d cd cd 11 51 3b 44 .7....E..=...Q;D
0030 - fc 09 d6 80 5c eb f3 18-ca 0d 51 0b 40 bb 0a 95 ....\.....Q.@...
0040 - a2 ae 4c c2 3e ae 29 22-f5 a2 df 4f d5 18 0f 71 ..L.>.)"...O...q
0050 - 56 d2 81 29 08 V..).
read from 0x1df0a70 [0x1df6053] (5 bytes => 5 (0x5))
0000 - 18 03 02 00 50 ....P
read from 0x1df0a70 [0x1df6058] (80 bytes => 80 (0x50))
0000 - 8e c4 b2 72 4d 3a 39 ca-ab 83 02 c4 1a 6f dc 10 ...rM:9......o..
0010 - 5d eb 31 77 a6 fa cd 54-27 42 b6 51 9d 1a 3f 57 ].1w...T'B.Q..?W
0020 - e9 0f 6b 2f 28 08 9f b5-0d 9c 49 e9 50 9a 28 67 ..k/(.....I.P.(g
0030 - 70 9a f4 6b a4 46 cf ab-3e 8c 5f c0 b1 50 72 a6 p..k.F..>._..Pr.
0040 - d7 28 92 05 96 ba 27 ee-d4 b6 64 7e d3 17 c2 64 .(....'...d~...d
read R BLOCK
From my limited understanding, a non-vulnerable host wouldn't have sent a "read from" response.
Tech Report wrote:We've updated the version of OpenSSL running on TR to address the problem. According to the Heartbleed test, we are no longer vulnerable.
However, if you have an account here, we strongly recommend updating your password. We cannot guarantee that some user passwords haven't been sniffed. If you use the same password on another site, it may be a good idea to change it there, too—so long as that other site doesn't fail the Heartbleed test.
Credit card information for subscribers was not compromised. That information never traveled through our servers, nor was it ever stored there. All credit card information for TR subscriptions was and will continue to be handled solely by our payment processor, Stripe. When we offer to "save" your credit card information, we're simply saving a reference to the card in Stripe's database.
derFunkenstein wrote:It's great that people are trying to help out, but announcing it in public just skyrockets the chances of it actually happening.
The bad guys know about this already.bthylafh wrote:derFunkenstein wrote:It's great that people are trying to help out, but announcing it in public just skyrockets the chances of it actually happening.
maxxcool wrote:Posting in such a fashion is professionally rude and irresponsible.. it is the same as taking pictures of your neighbors wife nude in the backyard and posting it on every door in a 10 block radius with he statement "oh we might be able to see you".
http://en.wikipedia.org/wiki/Responsible_disclosure
slowriot wrote:This isn't remotely the same situation. The OP did not disclose any private information. As well, this isn't a professional environment (you've proven this dozens of times yourself). Yes, I think the OP could have notified site admins in a better fashion. However, I don't think what the OP did is especially wrong (or harmful at all) and your example is ridiculous.
slowriot wrote:maxxcool wrote:Posting in such a fashion is professionally rude and irresponsible.. it is the same as taking pictures of your neighbors wife nude in the backyard and posting it on every door in a 10 block radius with he statement "oh we might be able to see you".
http://en.wikipedia.org/wiki/Responsible_disclosure
This isn't remotely the same situation. The OP did not disclose any private information. As well, this isn't a professional environment (you've proven this dozens of times yourself). Yes, I think the OP could have notified site admins in a better fashion. However, I don't think what the OP did is especially wrong (or harmful at all) and your example is ridiculous.
maxxcool wrote:Nice responsible disclosure... now anyone who can package a attack can take over the forums. way to go.... /slow clap/
