nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Serious bug in ubiquitous OpenSSL library: "Heartbleed"

From: Me <jschiel () flowtools net>
Date: Wed, 09 Apr 2014 09:26:04 -0600

On 04/08/2014 09:46 PM, Rob Seastrom wrote:

If that's true, you might want to consider immediately disconnecting
your systems from the Internet and never re-connecting them.  After
all, theres a lot of online unseen code testing your site already
whether you like it or not.

-r
Sending someone to a site with obscure TLDs of .io or .lv doesn't help in these situations. This is a perfect opportunity for someone to set up a drive by site to drop malware on someone's computer.
I'm not saying these sites did that but in order to see the code, someone would have to visit the site first. I personally would use wget instead of a browser for sites like these and did so in this situation.
And yes, your point is not lost on me, there are tons of sites that have obfuscated code and malware running on them, I know that. 
--John
Previous By Date Next
Previous By Thread Next

Current thread: