tag:blogger.com,1999:blog-37798047.post2756671130778850215..comments2024-01-16T05:48:33.523-05:00Comments on Errata Security: Using masscan to scan for heartbleed vulnerabilityDavid Maynorhttp://www.blogger.com/profile/09921229607193067441noreply@blogger.comBlogger2125tag:blogger.com,1999:blog-37798047.post-25127013906176769122014-07-01T17:05:31.380-04:002014-07-01T17:05:31.380-04:00Is there any legal problem scanning for hearbleed ...Is there any legal problem scanning for hearbleed vulnerability?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-37798047.post-65672369825134076552014-04-09T13:07:56.122-04:002014-04-09T13:07:56.122-04:00Is masscan using a TLS 1.2 header, a TLS 1.1 heade...Is masscan using a <b>TLS 1.2</b> header, a <b>TLS 1.1</b> header, or trying <b>both</b>? Per comments on <a href="https://gist.github.com/takeshixx/10107280" rel="nofollow">https://gist.github.com/takeshixx/10107280</a>, at least some servers only respond to heartbeat requests that use the TLS 1.1 header. If you only checked for TLS 1.2 (which is what the first widely available exploit code did), it seems you could potentially be massively underestimating the number of vulnerable servers.Lokihttps://www.blogger.com/profile/18406257117259929618noreply@blogger.com