
Is there a way to tell if a third-party site has patched the bug? (Upgraded to 1.0.1g) Not much point in changing your password on that site before the vulnerability is fixed.


Someone wrote this: http://filippo.io/Heartbleed/


echo -e "quit\n" | openssl s_client -connect <HOSTNAME>:443 -tlsextdebug 2>&1| [ "` grep -c 'TLS server extension \"heartbeat\" (id=15), len=1'`" -gt 0 ] && echo 'Vulnerable'


That can false-positive, for what it's worth, in servers with fixed TLS heartbeats (instead of removing them).
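
An added example, not part of any comment above: a POSIX shell parser for `openssl s_client -tlsextdebug` output that reports only whether the server advertises the heartbeat extension, which, as the last comment notes, does not by itself show the server is unpatched. The function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Classify `openssl s_client -tlsextdebug` output read from stdin.
# Prints exactly one of:
#   heartbeat-advertised  server offered the heartbeat extension (id=15);
#                         a patched server that kept heartbeats also lands here
#   heartbeat-absent      handshake output seen, extension not offered
#   no-handshake          no sign of a connection, so nothing can be concluded
heartbeat_status() {
    out=$(cat)
    case $out in
        *'CONNECTED('*) ;;                       # s_client prints this once connected
        *) echo no-handshake; return 0 ;;
    esac
    if printf '%s\n' "$out" | grep -q 'TLS server extension "heartbeat" (id=15)'; then
        echo heartbeat-advertised
    else
        echo heartbeat-absent
    fi
}

# Live check for one host (needs network access and the openssl CLI).
check_host() {
    host=$1
    echo quit | openssl s_client -connect "$host:443" -servername "$host" \
        -tlsextdebug 2>&1 | heartbeat_status
}

# Constructed sample outputs, so the parser can be exercised offline.
sample_with_heartbeat() { cat <<'EOF'
CONNECTED(00000003)
TLS server extension "renegotiation info" (id=65281), len=1
0000 - 00                                                .
TLS server extension "heartbeat" (id=15), len=1
0000 - 01                                                .
EOF
}

sample_without_heartbeat() { cat <<'EOF'
CONNECTED(00000003)
TLS server extension "renegotiation info" (id=65281), len=1
0000 - 00                                                .
EOF
}

sample_refused() { cat <<'EOF'
connect: Connection refused
connect:errno=111
EOF
}
```

Run `check_host <HOSTNAME>` for a live result; a `heartbeat-absent` result means the extension was not offered, while `heartbeat-advertised` still needs the server's OpenSSL version confirmed by its operator.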



