Month: April 2014

Heartbleed timeline

Posted on Updated on

  • 2014-04-05 15:13:33: Marko Laakso from Codenomicon registers http://heartbleed.com/ according to whois heartbleed.com
  • 2014-04-07 17:27:25 GMT: OpenSSL Security Advisory [07 Apr 2014] issue on openssl.org website.
  • 2014-04-07 19:21:29 (timezone?): openssl-1.0.1g.tar.gz made available at openssl.org.
  • 2014-04-07 19:37: Security researcher and Heartbleed discoverer Neel Mehta tweets about heartbleed.
  • 2014-04-08 05:04 GMT: Apparently first tweet on ssltest.py script to hexdump.
  • 2014-04-08 08:30 GMT: Danish blogger blogs about it.
  • 2014-04-08 11:05 GMT: English mainstream media BBC reports on Heartbleed.
  • 2014-04-08 11:42 GMT: Danish media Version2 reports about the issue.
  • 2014-04-08 12:01: Mark Loman’s highly retweeted tweet with image of hexdump from Yahoo! login details.
  • 2014-04-08 13:35 GMT: One of my attempts of downloading the Jared Stafford’s original ssltest.py to test and hexdump. At that point it was already modified to an empty file.
  • 2014-04-08 14:44:51 (?): Danish computer security incident response tema DKCERT issues a news item.
  • 2014-04-08 17:27 GMT: My download of a fork of Jared Stafford’s ssltest.py (hb-test.py) and successful run.
  • 2014-04-09 05:29:55 GMT: First XKCD joke about heartbleed.
  • 2014-04-09 8:02 GMT: The story reaches Danish mainstream media with BT.dk story.
  • 2014-04-09 09:33 GMT: Second(?) story in Danish mainstream media with TV2 story.
Advertisements