|
|
|
|
|
|
by coolj
4448 days ago
|
|
|
Brute force is infeasible if you get random heap data along with key fragments. Based on the way the exploit works[0], my amateur guess would be they sent small payloads and actually did get SSLv3 records, because they found the right heap allocation strategy for a specific build on a specific platform. [0] http://blog.existentialize.com/diagnosis-of-the-openssl-hear... |
|
|