That page says "btc-arbs.com IS VULNERABLE. " ?
No it is fine. That test can give a false positive when load is high.
What are you talking about? It gives part of the memory as proof :s
Just to be clear: anyone using BTC-arbs last few days should be very careful. An attacker can steal user's cookies/password as long as btc-arbs.com has this OpenSSL vulnerability.
I recommend to not use this site until this vulnerability is fixed. And well, obviously I recommend to not use them at all since months already but yeh. Will be perfect end for ponzi too "ah shit, got hacked".What? Now you are just spreading FUD!
Why? With this vulnerability attackers can get ~64KB of random data from the memory, and an attacker can keep doing this to get more memory data. In the memory data there can be sessions IDs of users so the attacker can take over their session and for example do a BTC withdrawal. This is widely documented already, for example:
https://www.mattslifebytes.com/?p=533 ,
https://www.michael-p-davis.com/using-heartbleed-for-hijacking-user-sessions/ , etc. and the scripts for it are pretty easy to find too.
Do you really enjoy people losing their money or something? I am just trying to warn people for a serious security vulnerability :\
Where is your proof that BTC-arbs is open to this vulnerability? The test site used early in this thread cleared the site. This is only a problem with unpatched openSSL 1.01. In the meantime you are just whipping up the fear you have been trying since the beginning of this thread.