About two days ago, I was poking around with OpenSSL to find a way to mitigate Heartbleed. I soon discovered that in its default config, OpenSSL ships with exploit mitigation countermeasures, and when I disabled the countermeasures, OpenSSL stopped working entirely. That sounds pretty bad, but at the time I was too frustrated to go on. Last night I returned to the scene of the crime.
Read more: http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse