ssl-crawler

Klaus

Wed, 16 Apr 2014 15:30:28 +0200

#^http://ssl-crawler.net.t-labs.tu-berlin.de/

Current news: 2014-04-09: Are you probing my network for OpenSSL exploits? No!

We are currently working on a survey on the OpenSSL CVE-2014-0160 bug. This means that you will receive malicious looking traffic from this machine. This traffic is, however, of academic nature to assess the extend of the bug from a Internet security perspective. We do not retrieve private data from any of your system and do not intend to exploit your system.

#Heartbleed

[+] show all 7 comments

Thomas Willingham

Wed, 16 Apr 2014 21:39:52 +0200

The bit after the "No" makes it sound remarkably like a "Yes"...

Klaus

Wed, 16 Apr 2014 21:46:56 +0200

come on, it is of "academic nature" and they even have a university domain.

Thomas Willingham

Wed, 16 Apr 2014 21:49:49 +0200

But it's either lost in translation - they are looking for exploits even if they're not actually doing anything malicious with them - or they don't understand what they're doing.

If it's the first, it's fine. If it's the latter...

Mike Macgirvin

Wed, 16 Apr 2014 22:37:44 +0200

Everybody and their uncle is probing for heartbleed. I've already been informed by over twenty different institutions and providers - and those are only the ones who are talking about it.

What I really need is a heartbleed honeytrap.

Thomas Willingham

Wed, 16 Apr 2014 22:45:36 +0200 last edited: Wed, 16 Apr 2014 22:45:37 +0200

I'm slightly worried that somebody doing "research" or a "survey" and doesn't realise that actually, whatever the intention, they are looking for an exploit, ends up publishing a huge list - possibly quite unintentionally - of everyone who can be easily exploited.

Obfuscation isn't security, but security is ultimately about slowing down an intruder long enough to find them.

Mike Macgirvin

Wed, 16 Apr 2014 22:48:56 +0200

I've already received a few such lists and managed to find a couple of Linux boxes sitting in closets somewhere that we all forgot about.

Klaus

Wed, 16 Apr 2014 23:13:39 +0200

Okay, I got what you meant. But I don't think it is lost in translation. It looks like they just re-purposed an existing test bot and just add one sentence, but not changing the rest. There are several inconsistencies in their explanations that make no sense when I read it again.

This website is tracked using the Piwik analytics tool. If you do not want that your visits are logged this way you can set a cookie to prevent Piwik from tracking further visits of the site (opt-out).