@daveaitel Do you know the best reference offhand where you compare heartbleed (useless) vs shellshock (useful)?
@daveaitel @flyryan Thanks, I couldn't remember which of your many keynotes that was! I agree, it's hard to find many breaches traced to HB.
@dguido @daveaitel @flyryan sorry but HB in ssl vpns has led to million dollar loss breaches although not very public ones...
@suqdiq @daveaitel @flyryan probably has, but is it commensurate with the hype it received? I'm looking for evidence if you have any.
@dguido @daveaitel @flyryan yes, hard to trace breach to bug; but more steps doesn't mean it was useless
@julianor @daveaitel @flyryan sorry, I used too harsh a word. It's not an easily repeatable attack pattern, requires thought for each target
@dguido @daveaitel @flyryan heartbleed is harder to identify in normal logs. you can usually get the loot without logging. bad for metrics.
@dguido @daveaitel I’ll check that out. I would argue that HB is very valuable for certain use cases. A traditional breach not being one.