On Fri, Apr 25, 2014 at 08:18:04AM -1000, Dillon Korman wrote: > Saw a link to this: > http://pastebin.com/qPxR9BRv > > Do you think there really is a working exploit on new versions of OpenSSL? It's bullshit. They say: 'A missing bounds check in the handling of the variable "DOPENSSL_NO_HEARTBEATS"'. That's not a variable, the "D" is not actually part of the name, and it's a compile-time macro that configures whether heartbeats will be compiled in or not. And because it's a compile-time thing, it's nothing that an attacker could ever influence.
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/