{"id":7410,"date":"2014-04-17T10:30:33","date_gmt":"2014-04-17T14:30:33","guid":{"rendered":"http:\/\/thundercloud.net\/infoave\/new\/?p=7410"},"modified":"2014-04-17T10:30:33","modified_gmt":"2014-04-17T14:30:33","slug":"no-evidence-exists-that-shows-anyone-has-been-affected-by-heartbleed","status":"publish","type":"post","link":"https:\/\/www.thundercloud.net\/infoave\/new\/no-evidence-exists-that-shows-anyone-has-been-affected-by-heartbleed\/","title":{"rendered":"No Evidence Exists That Shows Anyone Has Been Affected By Heartbleed"},"content":{"rendered":"
\n

Study Finds No Evidence of Heartbleed Attacks Before the Bug Was Exposed<\/h3>\n

 <\/p>\n

SAN FRANCISCO \u2014 Ever since the Heartbleed bug was exposed last week, the question everyone has been asking is: Did anyone exploit it before a Google researcher first discovered it? <\/p>\n

The worry is that in the two years since the bug was accidentally incorporated into OpenSSL \u2014 a crucial piece of free security software used by governments and companies like the F.B.I. and Google \u2014 attackers could have exploited Heartbleed to take sensitive information like passwords and the virtual keys used to decipher any scrambled information stored on a web server. <\/p>\n

What\u2019s more, they could have done so without leaving evidence detectable by the normal methods used to track who has gained access to a server. <\/p>\n

But security researchers at the Energy Department\u2019s Lawrence Berkeley National Laboratory, which conducts unclassified scientific research, say that it is still possible to look for past Heartbleed exploitations by measuring the size of any messages sent to the vulnerable part of the OpenSSL code, called the Heartbeat, and the size of the information request that hits a server. <\/p>\n

In an attack, the size of the response would be larger than the size of the request. And because the Heartbleed flaw can expose only a small amount of information at one time\u2026<\/p>\n<\/blockquote>\n

Read the rest of this NY Times Bits Blog here.<\/u><\/em><\/strong><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Study Finds No Evidence of Heartbleed Attacks Before the Bug Was Exposed   SAN FRANCISCO \u2014 Ever since the Heartbleed bug was exposed last week, the question everyone has been asking is: Did anyone exploit it before a Google researcher first discovered it? The worry is that in the two years since the bug was accidentally incorporated into\u2026 Read More »<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[],"_links":{"self":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/7410"}],"collection":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/comments?post=7410"}],"version-history":[{"count":1,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/7410\/revisions"}],"predecessor-version":[{"id":7411,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/7410\/revisions\/7411"}],"wp:attachment":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/media?parent=7410"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/categories?post=7410"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/tags?post=7410"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}