“Bleeding heart”vulnerability before the announcement may have been government agencies use-vulnerability warning-the black bar safety net

ID MYHACK58:62201453676
Type myhack58
Reporter 佚名
Modified 2014-09-15T00:00:00


“Bleeding heart”vulnerability is already in the history of the Internet the most serious defects. However, the new study showed that“heart bleed”vulnerability in April broke before, there is no evidence that the heartbleed vulnerability has been used by hackers to large-scale use.“ Bleeding heart”vulnerability broke after, the Internet site scrambled to apply the patch. However, some American University Research scholar worried about the vulnerability in the burst before, may have been government agencies use for Internet monitoring.

Through the analysis of the Lawrence Berkeley National Laboratory collected 2 0 1 3 year 1 1 month 2 0 1 year 4 4 on the“trap”of network traffic, the researchers found that the heartbleed vulnerability broke before, no hacks massive exploit this vulnerability to attack the signs. The first attack occurred in“bleeding heart”vulnerability broke after 2 within 2 hours, after which, the researchers observed 5 9 4 8 times a“bleeding heart”vulnerability to attacks, these attacks against 6 9 2 different hosts.

“Bleeding heart”vulnerability disclosure after three weeks, the researchers found that the Internet operations of the business patch the vulnerability rate is still not ideal, only 4 7% of surveyed operators said they have been completely fix the vulnerability.

The study concluded that“bleeding heart”loophole broke and processing techniques, can be used as the future of the Internet vulnerability in crisis response paradigm.