

Ask HN: did hordes of hackers swoop in the first hours (minutes) of Heartbleed? - hoodoof

I have this idea that there are hordes of hackers who create a hitlist of target websites that they want to hack.

They then just wait until the next exploit comes along.

And within hours (or minutes) of the new exploit becoming public, they swoop, own their target site and rootkit it.

Does anyone else think this is true?

And if it is true, then has half the Internet been rootkitted long before the site's owner could update SSL?

AND... so you updated your website - good on you. Do you think you had already been rootkitted?
======
adrianoconnor
Heartbleed wasn't a remote execution vulnerability. I am not a security
expert, but I'm pretty sure that Heartbleed in and of itself wouldn't allow
hackers to install a rootkit.

In answer to your question, I have no idea how long it takes the bad guys to
exploit newly revealed exploits. Probably a day or two on average (for the
tools to be developed and then distributed). Also, different people have
different agendas and motivations -- there are no doubt people out there
desperate to jump on to certain high-profile sites at the first chance (Apple,
Amazon, with their credit card data would be an obvious target, for instance),
but I suspect most hackers just cast their net far and wide and take whatever
they can. Mostly it'll be unpatched servers from years ago that aren't managed
by a proper ops team, using exploits that should have been patched a long time
ago.

------
ryanthejuggler
The exploit only works on whatever data's in memory. If someone had started
attacking servers when Heartbleed started being publicized, they'd be getting
passwords and data from users who were active at that point in time.

Unfortunately (perhaps interestingly) right after the announcement I would
imagine that much of this activity would be changing passwords. I'd like to
think that they were good about telling people not to change passwords until
the hole was patched, but presumably some people would still start to change
their passwords. Ironically this hurts more than helps.

