Patch All The Things! New "Cupid" Technique Exploits Heartbleed Bug (PCMagazine)
Patch All The Things! New "Cupid" Technique Exploits Heartbleed Bug (PCMagazine)
[Security] Posted Jun 4, 2014 16:53 UTC (Wed) by ris
Cupid is an exploit for the Heartbleed bug in OpenSSL that can target both
servers and endpoints running Linux and Android, reports
PCMagazine. "Luis Grangeia, a researcher at SysValue, created a
proof-of-concept code library that he calls "Cupid." Cupid consists of two
patches to existing Linux code libraries. One allows an "evil server" to
exploit Heartbleed on vulnerable Linux and Android clients, while the other
allows an "evil client" to attack Linux servers. Grangeia has made the source code freely available, in hopes that other researchers will join in to learn more about just what kind of attacks are possible.
"