On 2014-04-09 22:40 , Dean Pemberton wrote:
And from the same twitter thread saying it was
[can extract private key on vulnerable FreeBSD if it is first request]
"first request after restart" is a special case too ("possible, but
unlikely"). The same thread/poster also says:
"[...] Does not work on Debian. [...]"
which implies (as noted in that thread) something about the FreeBSD
malloc patterns makes it more likely/possible than Debian's malloc.
Those (who were) running a vulnerable OpenSSL on FreeBSD may wish to
take that into account in their assessment :-)
The main thing which is certain is that it's going to be a well