[TriLUG] Heartbleed on my desktop?

Steve Pinkham steve.pinkham at gmail.com
Wed Apr 9 10:03:27 EDT 2014


On 04/09/2014 08:49 AM, Scott Miller wrote:
> I was reading the memory dump can work both ways so a malicious server
> could dump memory from a vulnerable client.
> 

Yup, this is symmetric: the heartbeat messages are processed both ways
using the same vulnerable code.  Server attacks are more likely due to
ease of access, but client software is affected just as much.

From the main release details site (heartbleed.com):

> Furthermore you might have client side software on your computer that
> could expose the data from your computer if you connect to compromised
> services.

I do believe I'll be having fun with this bug for years.

-- 
 | Steven Pinkham, Security Consultant    |
 | http://www.mavensecurity.com           |
 | GPG public key ID E9E996C1             |
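
The symmetry described in the message above, as an added example that is not part of the original post: a heartbeat handler with the RFC 6520 length check, written without any notion of role so the same routine serves a client and a server. The names hb_respond, hb_demo and demo_out and the sample record are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { HB_REQUEST = 1, HB_RESPONSE = 2 };
#define HB_HDR 3u   /* type (1 byte) + payload_length (2 bytes) */
#define HB_PAD 16u  /* minimum padding required by RFC 6520 */

/* Hypothetical role-agnostic handler: a client and a server would both call
 * this for a received heartbeat record. Returns the response length, or 0
 * when the message must be silently discarded. */
size_t hb_respond(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HDR + HB_PAD || rec[0] != HB_REQUEST)
        return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    /* Trust the bytes actually received, not the peer's length field. */
    if (claimed > rec_len - HB_HDR - HB_PAD)
        return 0;
    size_t resp_len = HB_HDR + claimed + HB_PAD;
    if (resp_len > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HDR, rec + HB_HDR, claimed);
    memset(out + HB_HDR + claimed, 0, HB_PAD); /* real stacks use random padding */
    return resp_len;
}

uint8_t demo_out[64]; /* response buffer for the constructed demo below */

/* Constructed sample: 4-byte payload "ping" plus 16 zero padding bytes, with
 * the length field set to whatever the sending peer claims. */
size_t hb_demo(uint16_t claimed)
{
    uint8_t rec[HB_HDR + 4 + HB_PAD] = {
        HB_REQUEST, (uint8_t)(claimed >> 8), (uint8_t)claimed, 'p', 'i', 'n', 'g'
    };
    return hb_respond(rec, sizeof rec, demo_out, sizeof demo_out);
}

int main(void)
{
    printf("honest length field:   %zu-byte response\n", hb_demo(4));
    printf("inflated length field: %zu-byte response\n", hb_demo(0x4000));
    return 0;
}
```

Because the handler never asks which side of the connection it is on, a missing length check in it would expose whichever endpoint receives the oversized request, desktop client or server alike.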

