In a post at pastebin, Hackers wrote: the hackers wrote on Pastebin.Hackers also claim that they can personally use this vulnerability for a long time before it gets patched, and on the other hand they are selling out that exploit for 2.5 Bitcoins ($1,069 / €780) or 100 Litecoins ($973 / €725). Group is unknown, as we said above, but they have an email address which is [email protected]
What is the proof, that their vulnerability is working:So, here comes twist-is there any video which proves that really their exploit is working, NO-They don’t have anything like that, but they have a screenshot which is of a response from a server. However, this is not enough to prove that the flaw is really working and experts questioning on their claims. “They say: ‘A missing bounds check in the handling of the variable DOPENSSL_NO_HEARTBEATS’. That’s not a variable, the ‘D’ is not actually part of the name, and it’s a compile-time macro that configures whether heartbeats will be compiled in or not,” one of the security expert and programmer Jann Horn noted on the Full Disclosure mailing list.“And because it’s a compile-time thing, it’s nothing that an attacker could ever influence,” Horn added. Some really believe what are you thinking now-IT IS A MONEY-MAKING SCAM. Yes, it could be, as their contact email [email protected] was used in the past by a group that offered to sell user information and source code from Mt. Gox and CryptoAve.We will update this news, if this exploit really works or any update comes from Hackers’ end or experts’ end.