I have absolutely no idea if it could possibly be done, but could we test this particular OpenSSL exploit on the PSV?
http://blog.meldium.com/home/2014/4/10/ ... heartbleed
Apparently, it would (if it works) allow reading 64k chunks of heap memory from the scraper process (Vita browser or whatever) that accesses a controlled HTTPS resource.
What did we find?
After we developed this tool but before we made it public, we ran some ad-hoc tests against a number of major web properties. These ad-hoc tests found three sites that had patched against Heartbleed on their perimeter hosts, but had not patched their agents and thus could be exploited:
An unnamed top 5 social network (we're waiting for confirmation of their fix) that fetched our URL to generate a preview. The memory we extracted from their agent included results from internal API calls and snippets of python source code.
Reddit, which can use a URL to suggest a name for a new post, used a vulnerable agent that they've now patched. The memory we were able to extract from this agent was less sensitive, but we didn't get as many samples because they patched so quickly (nice work!).
We registered a webhook to our malicious URL at rubygems.org to notify us whenever a gem was published. Within a few minutes, we captured chunks of S3 API calls that the Rubygems servers were making. After the disclosure, they quickly updated OpenSSL and are now protected (really nice work, especially from an all-volunteer staff!).
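For anyone wondering what the "64k chunks" come from and what the actual fix checks: the heartbeat message (RFC 6520) carries a 16-bit payload_length, and an implementation that trusts that field copies payload_length bytes starting at the payload, reading past the received message into adjacent heap memory. The added example below is not from the forum post or from Meldium's tool; it is a small Python parser written here for a TLS heartbeat record that applies the bounds check the fix added, so a malformed record is discarded instead of answered. The constant names, the helper functions and the two sample records are constructed for this example.

```python
import struct

# TLS record layer (RFC 5246) and heartbeat message (RFC 6520) layout constants.
HEARTBEAT_CONTENT_TYPE = 24
HEARTBEAT_REQUEST = 1
HEARTBEAT_RESPONSE = 2
MIN_PADDING = 16          # RFC 6520: at least 16 bytes of random padding
RECORD_HEADER_LEN = 5     # type(1) + version(2) + length(2)
HEARTBEAT_HEADER_LEN = 3  # type(1) + payload_length(2)
MAX_PAYLOAD_LEN = 0xFFFF  # payload_length is 16 bits, hence "64k chunks" per request


def parse_heartbeat_record(record: bytes):
    """Parse one TLS heartbeat record and return (msg_type, payload).

    Raises ValueError for anything that must be discarded, including the case
    behind Heartbleed: a payload_length that claims more bytes than the record
    actually carries. RFC 6520 requires such a message to be discarded silently.
    """
    if len(record) < RECORD_HEADER_LEN:
        raise ValueError("truncated TLS record header")
    content_type, _version, record_len = struct.unpack("!BHH", record[:RECORD_HEADER_LEN])
    if content_type != HEARTBEAT_CONTENT_TYPE:
        raise ValueError("not a heartbeat record (content type %d)" % content_type)
    body = record[RECORD_HEADER_LEN:]
    if len(body) != record_len:
        raise ValueError("record length field does not match bytes received")
    # A message must at least hold the heartbeat header and the minimum padding.
    if record_len < HEARTBEAT_HEADER_LEN + MIN_PADDING:
        raise ValueError("heartbeat message too short")
    msg_type = body[0]
    payload_len = struct.unpack("!H", body[1:3])[0]
    if msg_type not in (HEARTBEAT_REQUEST, HEARTBEAT_RESPONSE):
        raise ValueError("unknown heartbeat message type %d" % msg_type)
    # The bounds check whose absence was Heartbleed: the claimed payload plus
    # padding must fit inside the record that was actually received.
    if HEARTBEAT_HEADER_LEN + payload_len + MIN_PADDING > record_len:
        raise ValueError("payload_length %d exceeds record (%d bytes); discard silently"
                         % (payload_len, record_len))
    payload = body[HEARTBEAT_HEADER_LEN:HEARTBEAT_HEADER_LEN + payload_len]
    return msg_type, payload


def _record(body: bytes) -> bytes:
    """Wrap a heartbeat message body in a TLS 1.1 record header (constructed helper)."""
    return struct.pack("!BHH", HEARTBEAT_CONTENT_TYPE, 0x0302, len(body)) + body


# Constructed sample 1: a well-formed request carrying a 4-byte payload.
GOOD_REQUEST = _record(bytes([HEARTBEAT_REQUEST]) + struct.pack("!H", 4)
                       + b"ping" + b"\x00" * MIN_PADDING)
# Constructed sample 2: identical on the wire except payload_length claims
# 0x4000 bytes that the 23-byte record does not contain; must be rejected.
OVERSIZED_REQUEST = _record(bytes([HEARTBEAT_REQUEST]) + struct.pack("!H", 0x4000)
                            + b"ping" + b"\x00" * MIN_PADDING)


def heartbeat_verdict(record: bytes) -> str:
    """Classify a record for a log line or IDS-style check: 'ok' or the rejection reason."""
    try:
        parse_heartbeat_record(record)
        return "ok"
    except ValueError as exc:
        return "rejected: " + str(exc)


if __name__ == "__main__":
    for name, rec in (("well-formed", GOOD_REQUEST), ("oversized claim", OVERSIZED_REQUEST)):
        print("%s: %s" % (name, heartbeat_verdict(rec)))
```

The same check applies on both sides of the connection: the Meldium write-up quoted above is about clients (URL fetchers, webhook agents) that respond to heartbeats from a server they connect to, so a client library that validates payload_length this way is just as important as a patched perimeter host.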