@daveaitel @flyryan Thanks, I couldn't remember which of your many keynotes that was! I agree, it's hard to find many breaches traced to HB.
Replying to @dguido
@dguido @daveaitel @flyryan sorry but HB in ssl vpns has led to million dollar loss breaches although not very public ones...
Replying to @p_____o_____q
@suqdiq @dguido @flyryan That is probably true - I assume VPNs have a diff memory layout or something.
Replying to @daveaitel
@daveaitel @dguido @flyryan with juniper sslvpn I've seen cases where HB was used 2 dump AD creds & thus enabling IP theft remotely
Replying to @p_____o_____q
@suqdiq @daveaitel @dguido @flyryan pulling valid creds or sessions is not useless, not sure why Dave said the vuln was
Replying to @jstnkndy
@jstnkndy @suqdiq @daveaitel @flyryan It requires attention to detail and does not easily scale as an attack vector. Shellshock does.
Replying to @daveaitel
@daveaitel @jstnkndy @suqdiq @flyryan which brings me back to reason for asking: hard to find data breaches with Heartbleed listed as factor
Replying to @joshcorman
@joshcorman @daveaitel @jstnkndy @suqdiq @flyryan 1) It's hard to find empirical breach evidence 2) It had trouble working outside a lab ...
@joshcorman @daveaitel @jstnkndy @suqdiq @flyryan 3) even when it worked, it's not easy to scale