Heartbleed prevention

0 投票
最新提问 用户: (120 分)

I was just reading about the Heartbleed attack and I found it really interesting. A server is vulnerable if it's using OpenSSL 1.0.1 through 1.0.1f (inclusive). So obviously a way to counter this attack is to update OpenSSL to a safe version.

I wrote a Python code that detects if a server is victim of a Heartbleed attack. I was wondering if it was possible to write some code, in Python per say, in order to, not just to detect the attack but to prevent it. I.e when I use my Python detection tool, I have another algorithm that takes appropriate measures when it know that it is under attack to counter the attack.

Could anyone help me with that ??

Thank you very much.

发表于 用户: (2.5k 分)
You should ask a specific question for a particular problem. Since Stack Overflow hides the Close reason from you: "Questions asking us to recommend or find a book, tool, software library, tutorial or other off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it."
发表于 用户: (120 分)
Hi jeff. What I did is an algorithm using Python to detect when a server is releasing to much information proving that it is victim of a heartbleed attack. I searched online and saw that a simple library update can solve this issue. I just wanted to know, if it is feasible to secure the server not to leak too much information using a algorithm that I would write in Java or Python for instance, even thought the library is not updated and prone to data leak. That is, i would prevent this through a code of mine and not a simple update.

登录 或者 注册 后回答这个问题。

欢迎来到 Security Q&A ,有什么不懂的可以尽管在这里提问,你将会收到社区其他成员的回答。