security

heartleech – atypical “heartbleed” tool with a few more features

heartleech
A typical “heartbleed” tool. What makes this different is:

autopwn (-a) that does all the steps needed to get private key

post-handshake (encrypted) heartbeats instead of during handshake

evades Snort IDS rules

loops making repeated requests (-l <loopcount>)

dumps binary data to file (-f <filename>)

IPv4 or IPv6 (-v <IPver>)

full 64k heartbleeds

Surveillance is the Business Model of the Internet

Surveillance is the business model of the Internet. We build systems that spy on people in exchange for services. Corporations call it marketing.

Bruce Schneier

SSL Labs: Deploying Forward Secrecy

With revelations about mass surveillance in the news everywhere, an obscure feature of SSL/TLS called Forward Secrecy has suddenly become very interesting. So what is it, and why is it so interesting now?

Heartbleed reflections list

Mark McLoughlin has a nice list of thoughts, ideas, and questions to reflect on in regards to the Heartbleed bug.

How the Heartbleed bug works

From xkcd, of course.