Hacker News new | past | comments | ask | show | jobs | submit login

With heartbleed, a bug in the implementation of the protocol led to the server randomly leaking contents of the server’s memory, which could be anything from private keys to user or system passwords to other confidential information. No passwords or MitM was required. You can read more at heartbleed.com



And it still doesn't matter, because sshd literally never has the private key that allows access. If a server only allows access via SSH key, you could literally have a complete RAM dump of the whole system and not be able to access it.


> still doesn't matter (...) you could literally have a complete RAM dump of the whole system and not be able to access it.

I'd say that matters. Think about all the secrets (tls keys, whatever) a server has in memory.

If you can't connect to the sshd daemon, you can't attack it.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: