There are many big sites out there now running with IDS signatures for
this traffic, and there is current active probing from all the usual
suspects. We've retrieved current username/password data from some of
our own servers, but you have to get lucky to spot it sometimes.
I don't have any feel for historical action; not many players do full
packet capture for historic analysis, for obvious reasons. Although
the Big Data vendors would like you to :-)
-jim

On Wed, Apr 9, 2014 at 8:36 PM, Don Stokes wrote:
> Is there any indication out there as to how widely this bug has been exploited? I.e. if you've patched servers in the last 24 hours, how likely is it that your certificate keys have been leaked over the last months / year?
>
> Not looking for accurate numbers, just roughly where on the scale of, "this is possible but no reports of actual use" to "all the black hats have been doing this for years so you're screwed unless you re-issue and revoke your certs" the exploit lies.
>
> Also, last time I worried about this, certificate revocation was, uh, largely unimplemented. That was a while ago. How well does it work now? And with potentially large numbers of revoked certs?
>
> -- don