Here’s a tool to test web sites to see if they have the Heartbleed vulnerability:
For fun, try putting in “facebook.com” and “bankofamerica.com”. If you see “yellow submarine” in the text block that appears, it means the web site is vulnerable.
This bug is nasty. Effectively, anyone can directly see various chunks of server memory… and keep pulling different chunks until they’ve got something interesting. It’s sort of like a free slot machine, only as a hacker you can create as many slot machines as you want!
You can see the source code of the above web site here:
No comments:
Post a Comment