728x90
CloudFlare lunched a challenge yesterday: Can You Get Private SSL Keys Using Heartbleed?[1] The site created by CloudFlare engineers is located here and is intentionally vulnerable to heartbleed. If you manage to steal the private key from the site, they will post the full details on that site. So far two individuals have succeeded: Fedor Indutny (@indutny) and Ilkka Mattila of NCSC-F.[2]
If you have time and bandwidth, this might be a fun weekend project.
[1] http://blog.cloudflare.com/answering-the-critical-question-can-you-get-private-ssl-keys-using-heartbleed
[2] https://www.cloudflarechallenge.com/heartbleed
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
728x90
'취약점 정보1' 카테고리의 다른 글
| ZyXEL Wireless N300 NetUSB Router NBG-419N devices contain multiple vulnerabilities (0) | 2014.04.13 |
|---|---|
| Fortinet FortiADC contains a cross-site scripting vulnerability (0) | 2014.04.13 |
| Jetpack 2.9.3: Critical Security Update (0) | 2014.04.13 |
| VMware Security Advisories (0) | 2014.04.12 |
| 2014-04-11 취약점 정리 (0) | 2014.04.12 |