Slashdot Mirror


Heartbleed Turned Against Cyber Criminals

Rambo Tribble writes: "In a case of 'live by the sword, die by the sword,' researchers have used the now-infamous Heartbleed bug in OpenSSL to gain access to black-hat forums. A French researcher named Steven K. is quoted as saying, 'The potential of this vulnerability affecting black-hat services is just enormous.' Reportedly, the criminal-minded sites Darkode and Damagelab have already been compromised." In related news, U.S. Cybersecurity Coordinator Michael Daniel posted an article at Whitehouse.gov yesterday reaffirming that the U.S. government had no prior knowledge of Heartbleed. He said, 'We rely on the Internet and connected systems for much of our daily lives. Our economy would not function without them. Our ability to project power abroad would be crippled if we could not depend on them. For these reasons, disclosing vulnerabilities usually makes sense. We need these systems to be secure as much as, if not more so, than everyone else.'

4 of 50 comments

  1. Core Infrastructure Initiative by John.Banister · · Score: 4, Insightful

    Perhaps Michael Daniel's office would care to contribute. It might benefit their ability to project power abroad.

  2. Re:Darned Heartbleed by Shakrai · · Score: 5, Funny

    Quit surfing pron sites now.

    That's crazy talk. We live in an era of virtual machines, separate browser instances, deep freeze, noscript, Linux..... there's absolutely no compelling reason to give up porn in the name of security.

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
  3. Re:NSA: Massively irresponsible/incompetent by Pseudonym · · Score: 4, Insightful

    Incompetent if they didn't find heartbleed [they are supposed to protect our infrastructure].

    The open source community didn't find it either. If it's any consolation, the NSA is probably about as competent as we are.

    --
    sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
  4. Re:Yep. by quantaman · · Score: 4, Funny

    5. Site is hosted on a compromised server in the first place -- fixing this by recompiling the server would alert the host admin.

    This is my favourite explanation. I can just envision some incompetent sysadmin sleeping at his desk while hackers are frantically securing his system.

    --
    I stole this Sig