On Apr 09, 2014, at 11:26 , Me <jschiel@flowtools.net> wrote:
On 04/08/2014 09:46 PM, Rob Seastrom wrote:
If that's true, you might want to consider immediately disconnecting your systems from the Internet and never re-connecting them. After all, theres a lot of online unseen code testing your site already whether you like it or not.
-r
Sending someone to a site with obscure TLDs of .io or .lv doesn't help in these situations. This is a perfect opportunity for someone to set up a drive by site to drop malware on someone's computer.
I'm not saying these sites did that but in order to see the code, someone would have to visit the site first. I personally would use wget instead of a browser for sites like these and did so in this situation.
And yes, your point is not lost on me, there are tons of sites that have obfuscated code and malware running on them, I know that.
In the list of tools were several sites with code you could download, review, and run locally on your machine to test against the bug. However, I trust some of the sites listed. My new favorite is <https://sslanalyzer.comodoca.com/>, since it takes ports other than 443 and gives back a lot of info. -- TTFN, patrick