<div dir="ltr">
<div class="gmail_extra"><div class="gmail_quote"><div><div dir="ltr"><div></div><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex" class="gmail_quote"><div>[1]: <a href="http://heartbleed.com/" target="_blank">http://heartbleed.com/</a></div>
</blockquote></div>
...<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class=""><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
Some people are claiming that the memory reading ability can read arbitrary memory segments and get SSH keys, but I am not convinced.</blockquote>
</div><div class="gmail_extra"><br></div></div>Agreed - if that were true, there would also be a (much more significant) kernel vulnerability in play as well.<br></div></div></blockquote><div><br></div><div>iiic any memory visible to an app that services a port that does SSL handshakes has been vulnerable, eg httpd, perhaps mysql&postgresql, so if you run such apps on exposed ports, your memory has been visible, leaving only the question of whether anybody has been looking at you, which your usual logs won't show, only a comprehensive tcpdump would..<br>
</div></div></div></div>