Linked by Thom Holwerda on Tue 8th Apr 2014 22:06 UTC
Privacy, Security, Encryption

Heartbleed, a long-undiscovered bug in cryptographic software called OpenSSL that secures Web communications, may have left roughly two-thirds of the Web vulnerable to eavesdropping for the past two years. Heartbleed isn't your garden-variety vulnerability, so here's a quick guide to what it is, why it's so serious, and what you can do to keep your data safe.

Serious.

Priest
Member since: 2006-05-12

A couple of people published that they were able to successfully fetch usernames and passwords from Yahoo Mail. There is a screenshot of one of the examples in the link I posted.

Because login/password are known fields, you would be able to query the server in bulk and grep through the data for those strings, knowing the data after them would be the actual credentials.

Here is an example of what I mean: http://i.imgur.com/GL2J8O8.png

You could build a database of user/pass combos with some fairly simple shell scripts.

Edited 2014-04-09 20:38 UTC

Score: 3