Steven,

On 4/12/14, 2:15 PM, Steven Siebert wrote:
> I think it would be unlikely because the httpd configuration data
> would be read into memory early on the heap (and in a very low
> volatile area where that memory wouldn't often be freed up), whereas
> the heartbeat would be much later in the heap, and thus the buffer
> overflow would very unlikely affect it.
>
> You might get a more definitive answer CCing the developer
> distro...since this really isn't a simple "configuration and support"
> question....but they might just ignore the non-dev question.
>
> If you get the answer off list, please update =)

This is what CloudFlare thought, and they dared someone to steal their
key using Heartbleed. 9 hours later...

http://blog.cloudflare.com/the-results-of-the-cloudflare-challenge

Then again, they were using Nginx. But the idea is that everything is
theoretically snoopable via Heartbleed.

-chris