Wild at Heart: Were Intelligence Agencies Using Heartbleed in November 2013?
Source: EFF - Posted by Dave Wreski   
Privacy Yesterday afternoon, Ars Technica published a story reporting two possible logs of Heartbleed attacks occurring in the wild, months before Monday's public disclosure of the vulnerability. It would be very bad news if these stories were true, indicating that blackhats and/or intelligence agencies may have had a long period when they knew about the attack and could use it at their leisure. In response to the story, EFF called for further evidence of Heartbleed attacks in the wild prior to Monday. The first thing we learned was that the SeaCat report was a possible false positive; the pattern in their logs looks like it could be caused by ErrataSec's masscan software, and indeed one of the source IPs was ErrataSec.

Read this full article at EFF

Only registered users can write comments.
Please login or register.

Powered by AkoComment!