Using Heartbleed Against Crooks (and an “Unpickable” deadbolt, Snowden/CCC)

First off, for fans of the “unpickable” bike lock, there’s now a (rather more practical) version of the Forever Lock intended for installation as a deadbolt. Can has Abloy Protec version?

Second, an honorary doctorate from the University of Rostock and a rectorship at the University of Glasgow and dozens of awards apparently aren’t enough — Snowden’s now an honorary member of the German CCC. (JYA is another.)

Anyway, here’s a novel use of the Heartbleed bug — breaking into Internet criminals’ online hangouts. It turns out that, though they may be good at exploiting bugs in others, the crooks themselves aren’t so good at keeping their software up-to-date… and some of the biggest “underground” forums turned out to be vulnerable to exactly this.

This applies in particular to the forums Darkode and Damagelab. A French researcher points out that Darkode in particular is very well protected, but — oops! — someone forgot to update OpenSSL.

What was that old saying about “live by the 0-day, die by the 0-day’…?

%d bloggers like this: