gregorio2 1 Posted April 17, 2014 Share Posted April 17, 2014 On blog over at CNS Hut3 they have posted results of tests on Heartbleed detection tools and have developed their own and provide gist of how they developed it. They also pointed out that 95% of current tests are providing false feel good results and false vulnerables: hxxp://www.hut3.net/blog/cns---networks-security/2014/04/14/bugs-in-heartbleed-detection-scripts- The date on blog is Apr 14, 2014, so some of those detection tools may have fixed their respective tools if they paid notice of CNS Hut3's work. A few updates to blog show some have done just that. A review of that work and other insight over at theguardian.com: hxxp://www.theguardian.com/technology/2014/apr/16/heartbleed-bug-detection-tools-flawed Heartbleed bug and all those suspect certificates are far from being cleaned up. Reported arrest in Canada of Heartbleed hacker: hxxp://arstechnica.com/tech-policy/2014/04/heartbleed-hacker-arrested-charged-in-connection-to-malicious-bug-exploit/ Link to comment Share on other sites More sharing options...
gregorio2 1 Posted April 17, 2014 Author Share Posted April 17, 2014 (edited) Over at possible.lv they had note to sys admins I had not heard before: "Patch your OpenSSL and statically linked binaries; Change your certificates, if you've been affected." That part about binaries not heard before. Also possible.lv updated at CNS Hut3 blog as fixed tool. hxxp://possible.lv/tools/hb/ Edited April 17, 2014 by gregorio2 Link to comment Share on other sites More sharing options...
Arakasi 549 Posted April 17, 2014 Share Posted April 17, 2014 hxxp://possible.lv/tools/hb/?domain=form.eset.com Had to do it, someone brought up this site earlier lol Link to comment Share on other sites More sharing options...
gregorio2 1 Posted April 17, 2014 Author Share Posted April 17, 2014 (edited) Arakasi, The four tools listed on Hut3's blog as good or fixed are: https://www.ssllabs.com/ssltest/index.html hxxp://possible.lv/tools/hb/ hxxp://nmap.org/nsedoc/scripts/ssl-heartbleed.html hxxp://heartbleed.criticalwatch.com/ edited I will not list all that failed to detect, go to blog, but total listed as tested was 15 with 4 good or fixed. edited The 3 most used were tested, The four tools listed on Hut3's blog as good or fixed are: https://www.ssllabs....test/index.html hxxp://possible.lv/tools/hb/ hxxp://nmap.org/nsed...heartbleed.html hxxp://heartbleed.criticalwatch.com/ edited I will not list all that failed to detect, go to blog, but total listed as tested was 15 with 4 good or fixed. edited The 3 most used were tested, Symantec's was not tested. Flilippo noted the script and said to be working on it: hxxp://www.reddit.co...test_site_ama/# ( hxxp://filippo.io/Heartbleed/ ) This is significant in that, it is basis for Chrome extension: Chromebleed: "Chromebleed uses a web service developed by Filippo Valsorda and checks the URL of the page you have just loaded." The Hut3 tool is a python script and needs to run with python and so is not for general use like most of the other tools.t. Filippo noted the script and said to be working on it: hxxp://www.reddit.com/r/IAmA/comments/233161/i_am_the_author_of_the_heartbleed_test_site_ama/# ( hxxp://filippo.io/Heartbleed/ ) This is significant in that, it is basis for Chrome extension: Chromebleed: "Chromebleed uses a web service developed by Filippo Valsorda and checks the URL of the page you have just loaded." The Hut3 tool is a python script and needs to run with python and so is not for general use like most of the other tools. Edited April 20, 2014 by gregorio2 Link to comment Share on other sites More sharing options...
Arakasi 549 Posted April 17, 2014 Share Posted April 17, 2014 Right This is the one i used hxxp://possible.lv/tools/hb/ Link to comment Share on other sites More sharing options...
Recommended Posts