Heartbleed Turned Against Cyber Criminals

Rambo Tribble writes: "In a case of 'live by the sword, die by the sword,' researchers have used the now-infamous Heartlbeed bug in OpenSSL to gain access to black-hat forums. A French researcher named Steven K. is quoted as saying, 'The potential of this vulnerability affecting black-hat services is just enormous.' Reportedly, the criminal-minded sites Darkode and Damagelab have already been compromised." In related news, U.S. Cybersecurity Coordinator Michael Daniel posted an article at Whitehouse.gov yesterday reaffirming that the U.S. government had no prior knowledge of Heartbleed. He said, 'We rely on the Internet and connected systems for much of our daily lives. Our economy would not function without them. Our ability to project power abroad would be crippled if we could not depend on them. For these reasons, disclosing vulnerabilities usually makes sense. We need these systems to be secure as much as, if not more so, than everyone else.'

Re:Darned Heartbleed

[Shakrai]

Quit surfing pron sites now.

That's crazy talk. We live in an era of virtual machines, separate browser instances, deep freeze, noscript, Linux..... there's absolutely no compelling reason to give up porn in the name of security.

Re:Yep.

[quantaman]

5. Site is hosted on a compromised server in the first place -- fixing this by recompiling the server would alert the host admin.

This is my favourite explanation. I can just envision some incompetent sysadmin sleeping at his desk while hackers are frantically securing his system.