Openssl
It looks to me like the OpenSSL library that Bitdefender uses is from the 1.0.0 branch (1.0.0.4) and so isn't vulnerable to the heartbeat problem. Is that also Bitdefender's opinion?
0
Comments
-
The Open SSL flaw is server side not desktop.
0 -
The Open SSL flaw is server side not desktop.
You *do* have to attack the client side of the connection from the server side, but given the number of compromised and malicious webservers on the net (why wouldn't the same guy downloading a rootkit also send you a trick heartbeat packet?) the client side should probably also be considered vulnerable. It's certainly possible to attack it.0