@daveaitel Do you know the best reference offhand where you compare heartbleed (useless) vs shellshock (useful)?
Replying to @dguido
@dguido @daveaitel Whoa… who claimed heartbleed was useless?
Replying to @flyryan
Replying to @daveaitel
@daveaitel @flyryan Thanks, I couldn't remember which of your many keynotes that was! I agree, it's hard to find many breaches traced to HB.
Replying to @dguido
@dguido @daveaitel @flyryan sorry but HB in ssl vpns has led to million dollar loss breaches although not very public ones...
Replying to @p_____o_____q
@suqdiq @dguido @flyryan That is probably true - I assume VPNs have a diff memory layout or something.
Replying to @daveaitel
@daveaitel @dguido @flyryan with juniper sslvpn I've seen cases where HB was used 2 dump AD creds & thus enabling IP theft remotely
Replying to @p_____o_____q
@suqdiq @daveaitel @dguido @flyryan pulling valid creds or sessions is not useless, not sure why Dave said the vuln was
Replying to @jstnkndy
@jstnkndy @suqdiq @daveaitel @flyryan It requires attention to detail and does not easily scale as an attack vector. Shellshock does.
Replying to @dguido
@jstnkndy @suqdiq @daveaitel @flyryan Shellshock is much easier to dev into a repeatable process that works across targets w/ known results
@jstnkndy @suqdiq @daveaitel @flyryan Heartbleed tends to be different for every target, may lead to creds, but then what do you do? thinky
Replying to @dguido
@dguido @jstnkndy @daveaitel @flyryan not every target per se but every device/vendor. all juniper SSL were vuln for 2 days. ALL of them