[liberationtech] Pacemaker – a #HeartBleed probing utility
Chris Pinchen
chris at chokepointproject.net
Wed Apr 16 08:44:44 PDT 2014
Hi all - hopefully this is of interest:
Pacemaker http://pacemaker.chokepointproject.net/ is a utility that
scans the Alexa Top 1 million websites and attempts to connect to their
port 443. If this succeeds, Pacemaker tries to inject the HeartBleed
vulnerability (http://heartbleed.com/) in order to retrieve data from
the servers’ memory. An initial scan was performed on April 11th, where
approximately 30 000 vulnerable websites were uncovered. Since then,
Chokepoint Project have been re-scanning those URLs to see whether they
have been patched, and that number has shrunk by about 10 000.
“By now we all know how serious an issue heartbleed is, affecting nearly
all aspects of our use of networks. We were very interested to know more
about the rate of adoption of patch implementation. Despite the very
good adoption in the Alexa top 1 Million, given the severity of this
particular bug it is a little depressing to see that at the time of
writing (2014-04-15 20:24:08.) there are still 19721 sites unpatched.
This might seem like a small number, but given that there are more than
246 million domains in the world and we have scanned only the top 1
Million according to Alexa, and have only scanned for webservers not for
anything else, it is not unlikely that there might still be more than 5
million unpatched systems out there” said Chokepoint Project´s Ruben
Bloemgarten.
***What Pacemaker does not do* :
The URL probing tool has a 5 second timeout to complete the request. If
said request does not return within that time frame, it is marked as
unresponsive, and therefore not considered vulnerable anymore. These
timed out urls are not rechecked afterwards. In the same vein, it would
be interesting to keep scanning the total of 1 million urls in case
servers have been patched temporarily but are now again vulnerable, or
some site owners took the website down (timing out the request, or
failing) but failed to patch properly. URLs that do not have SSL are
also marked as non-vulnerable and currently not re-checked. For full
details, see https://github.com/l-r/heartbleed-masstest.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20140416/5e73c4e7/attachment.html>
More information about the liberationtech
mailing list