Articles about OpenSSL Heartbleed vulnerability (12.4.2014)
Eyal Estrin
Heartbleed: Gov. Agencies Respond
http://www.govinfosecurity.com/heartbleed-gov-agencies-respond-a-6737/op-1
Statistics on the impact of Heartbleed on Select Top Level Domains
http://securityaffairs.co/wordpress/23878/intelligence/statistics-impact-heartbleed.html
Not just websites hit by OpenSSL's Heartbleed – PCs, phones and more under threat
http://www.theregister.co.uk/2014/04/10/many_clientside_vulns_in_heartbleed_says_sans/
Heartbleed vendor notifications
https://isc.sans.edu/forums/diary/Heartbleed+vendor+notifications/17929
Heartbleed Bug – What You Should And Shouldn’t Do
http://bhconsulting.ie/securitywatch/?p=2103
McAfee Security Bulletin – OpenSSL Heartbleed vulnerability patched in McAfee products
https://kc.mcafee.com/corporate/index?page=content&id=SB10071
Using masscan to scan for heartbleed vulnerability
http://blog.erratasec.com/2014/04/using-masscan-to-scan-for-heartbleed.html#.U0jV2fVZrDd
Heartbleed Detector: Check If Your Android OS Is Vulnerable with Our App
https://blog.lookout.com/blog/2014/04/09/heartbleed-detector/
It may be ILLEGAL to run Heartbleed health checks – IT lawyer
http://www.theregister.co.uk/2014/04/11/heartbleed_health_checking_services_may_be_illegal/
Mitigating OpenSSL Heartbleed
https://f5.com/solutions/mitigation/mitigating-openssl-heartbleed?mkt_tok=3RkMMJWWfF9wsRolu6jBd%2B%2FhmjTEU5z16eolXKCg38431UFwdcjKPmjr1YAATsZkI%2BSLDwEYGJlv6SgFTLXGMbNt2bgKUxI%3D
Heartbleed Bug Vulnerability: Discovery, Impact and Solution
https://casecurity.org/2014/04/09/heartbleed-bug-vulnerability-discovery-impact-and-solution/
Heartbleed developer explains OpenSSL mistake that put Web at risk
http://arstechnica.com/information-technology/2014/04/heartbleed-developer-explains-openssl-mistake-that-put-web-at-risk/
Cloudflare Challenge proves 'worst case scenario' for Heartbleed is actually possible
http://www.engadget.com/2014/04/11/heartbleed-openssl-cloudflare-challenge/
NSA knew about Heartbleed bug and took advantage of it, but the NSA denies the charge
http://gigaom.com/2014/04/11/nsa-knew-about-devastating-heartbleed-bug-and-used-it/
Heartbleed: Why the Internet's Gaping Security Hole Is So Scary
http://gizmodo.com/heartbleed-why-the-internets-gaping-security-hole-is-1560812671
Implications of the HeartBleed vulnerability on Single Sign-On and Federation implementations
http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2014/04/11/implications-of-the-heartbleed-vulnerability-on-single-sign-on-and-federation-implementations.aspx
VMWare Response to OpenSSL security issue CVE-2014-0160/CVE-2014-0346 a.k.a: "Heartbleed" (2076225)
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2076225
Heartbleed vulnerability, Exchange and load balancers
http://www.jaapwesselius.com/2014/04/09/heartbleed-vulnerability-exchange-and-load-balancers/
The Other Side of Heartbleed - Client Vulnerabilities
https://isc.sans.edu/forums/diary/The+Other+Side+of+Heartbleed+-+Client+Vulnerabilities/17945
Heartbleed FAQ: Akamai Systems Patched
https://blogs.akamai.com/2014/04/heartbleed-faq-akamai-systems-patched.html
Open Letter to Internet Users and Businesses: Help Us Test OpenSSL and Make the Internet Safer
http://blog.bugcrowd.com/open-letter-to-internet-users-and-businesses/
All You Wanted to Know About the Heartbleed Bug
http://www.checkmarx.com/2014/04/10/heartbleed-informatory/
OpenSSL “Heartbleed” – Whose Vulnerable and How to Check
http://cyberarms.wordpress.com/2014/04/09/openssl-heartbleed-whose-vulnerable-and-how-to-check/
Heartbleed Explanation
http://www.f-secure.com/weblog/archives/00002696.html
"Heartbleed" OpenSSL Vulnerability Fixed on Incapsula
http://www.incapsula.com/blog/heartbleed-ssl-vulnerability-fixed.html
The Heartbleed OpenSSL flaw is worse than you think
http://www.infoworld.com/print/240231
Protecting your OpenSSL Server from HeartBleed using IDP
http://forums.juniper.net/t5/Security-Mobility-Now/FAQ-Protecting-your-OpenSSL-Server-from-HeartBleed-using-IDP/ba-p/238256
“Heartbleed” Vulnerability may compromise your security on thousands of sites
http://blog.kaspersky.com/heartbleed-howto/
The Heartbleed bug and SSL implementations
http://kevtownsend.wordpress.com/2014/04/09/the-heartbleed-bug-and-ssl-implementations/
Be Still My Bleeding Heart! Q&A on the HeartBleed Bug
http://blog.malwarebytes.org/online-security/2014/04/be-still-my-bleeding-heart-qa-on-the-heartbleed-bug/
"Heartbleed" - would 2FA have helped?
http://nakedsecurity.sophos.com/2014/04/12/heartbleed-would-2fa-have-helped/
Stealing Private SSL Keys Using Heartbleed Difficult, Not Impossible
http://nulzsec.com/2014/04/11/stealing-private-ssl-keys-using-heartbleed-difficult-not-impossible/
What Have We Learned: OpenSSL Heartbleed Bug
http://nulzsec.com/2014/04/10/what-have-we-learned-openssl-heartbleed-bug/
8 Tips For Dealing With Heartbleed Right Now
http://researchcenter.paloaltonetworks.com/2014/04/8-tips-dealing-heartbleed/
7 Ways to Stop the Heartbleed: Protecting Yourself from OpenSSL
http://information.rapid7.com/heartbleed-vulnerability-resources.html
Patching The Heartbleed OpenSSL Vulnerability
http://blog.sucuri.net/2014/04/patching-the-heartbleed-openssl-vulnerability.html
Symantec Security Advisory - OpenSSL Heartbleed Bug
https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AD831
CheckPoint - OpenSSL TLS DTLS Heartbeat Information Disclosure (CVE-2014-0160; CVE-2014-0346)
http://www.checkpoint.com/defense/advisories/public/2014/cpai-09-apr.html
Websense - "Heartbleed" Vulnerability in OpenSSL (CVE-2014-0160) Could Lead To Data Theft
http://community.websense.com/blogs/securitylabs/archive/2014/04/09/vulnerability-in-openssl-cve-2014-0160-could-lead-to-data-theft.aspx
Websense - Broken Hearted? A Practical Look at the Heartbleed Vulnerability
http://community.websense.com/blogs/securitylabs/archive/2014/04/11/heartbleed-follow-up.aspx
http://www.zdnet.com/private-keys-may-be-inaccessible-to-heartbleed-7000028356/