The heart-bleed bug.

remember the times the server uses the heartbeat protocol to check if its up or not; happens a lot in the nodes of banking centres in my previous working environment. Never knew this was the precursor to the heart bleed bug. Just a little tweak to the payload and crafting of the packet, in the heartbeat code, can actually leak random information.

Understanding the heartbeat request and response is the key to the heart bleed bug. Doing memory checks fixes this.

http://tools.ietf.org/html/rfc6520

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s