Re: [nznog] Message concerning Certs
The exploit has been rumoured for some time. Does it matter who the primary actors are? They have all the private keys by now and g's/s-view/wifi/scan has the other half; so that deals with the white-hats. All historical data dumps can be retrospectively analysed at any time for eternity at one's leisure.

As for the code which is in the wild, I enclose a graph of 3 hours' traffic from the http://filippo.io/Heartbleed/# site, which is using something like 31 machines showing ~2000 sites being tested every minute, ~360,000 over 3 hours, and that is from a public site; an unknown percentage will be black hats. This is catastrophic and you should believe it's not only our guys that have it but every other *worth their salt.

InternetNZ almost became a CA in ~2004. We could have fixed this hole now for .nz with a working revocation system. Then INZ had a new team on board and it was .... The ironical blowback is that our "own" might be just as threatened by this. We just have to get on and deal with this as a priority tomorrow and for the next decade.

I am a patriot by the way,

Yours
Michael amI#6

-----Original Message-----
From: nznog-bounces(a)list.waikato.ac.nz [mailto:nznog-bounces(a)list.waikato.ac.nz] On Behalf Of Don Stokes
Sent: Wednesday, 9 April 2014 8:37 p.m.
To: nznog(a)list.waikato.ac.nz
Subject: Re: [nznog] Message concerning Certs

Is there any indication out there as to how widely this bug has been exploited? I.e. if you've patched servers in the last 24 hours, how likely is it that your certificate keys have been leaked over the last months / year? Not looking for accurate numbers, just roughly where on the scale of "this is possible but no reports of actual use" to "all the black hats have been doing this for years so you're screwed unless you re-issue and revoke your certs" the exploit lies.

Also, last time I worried about this, certificate revocation was, uh, largely unimplemented. That was a while ago. How well does it work now? And with potentially large numbers of revoked certs?

-- don

_______________________________________________
NZNOG mailing list
NZNOG(a)list.waikato.ac.nz
http://list.waikato.ac.nz/mailman/listinfo/nznog
participants (1)
-
Michael Sutton