Yet Another HeartBleed.

This Heartbleed Information Disclosure Vulnerability has pretty much been covered all over the internet today (8th April 2014).  As a one-page-stop summary, please read below: An online site exists to check vulnerabilities: http://filippo.io/Heartbleed/ Source Code available at: https://github.com/FiloSottile/Heartbleed A python script (thats much better): http://s3.jspenguin.org/ssltest.py A second version of above code with STARTTLS Support: https://gist.github.com/takeshixx/10107280 A good breakout of why the bug exists is here: http://blog.existentialize.com/diagnosis-of-the-openssl-heartbleed-bug.html Watching twitter has been entertaining, login.yahoo.com has been leaking user…

SNMP – The Missing MIB

Introduction Many users of SNMP Network Management Tools / Penetration Test Tools, may find that recent versions of software including the popular SNMPwalk appear to be missing MIBs, or that previously available information is now mysterious missing.  This is more prominent on Debian or Ubuntu based systems (any system that compiles from source like Gentoo , appear unaffected).  This is additionally important for Penetration Tester Professionals that have an exam…