I thought Heartbleed attacks were difficult to detect. How did they determine they used the Heartbleed vulnerability, especially since the attack happened only a week after Heartbleed was revealed?<p>> "Community Health ... disclosed yesterday that Chinese hackers stole patients’ Social Security numbers, names and addresses, without revealing how the hackers got in."<p>And then...<p>> “We never had any tangible proof of an attack until now,” said David Kennedy, founder of TrustedSec LLC, a security consulting company based in Cleveland, Ohio, who first reported Heartbleed was used to attack Community Health on his company’s website.<p>Here's the report: <a href="https://www.trustedsec.com/august-2014/chs-hacked-heartbleed-exclusive-trustedsec/" rel="nofollow">https://www.trustedsec.com/august-2014/chs-hacked-heartbleed...</a> -- but I still wonder how it was detected.
><i>"The Chinese embassy in Washington said it wasn’t aware of the attack."</i><p>It is utterly amazing to me how we view the Chinese people as such an evil "other".<p>I'd love to know how they determined that this was Chinese hackers, which doesn't appear in the TrustedSec report, and to my amateur eyes would seem near impossible to determine with certainty. But if it was the case, why is the first thought that it was an action on behalf of the government instead of a couple of Chinese kids messing about? Count the "Chinese hackers" in the article.<p>If the vulnerability was public at the beginning of April, how were there attacks made in June?<p>Hard to believe they actually asked the embassy if they knew about the attack. The embassy's reaction was understandable.
The scariest part of this is that even a week after Heartbleed went public, there are InfoSec professionals out there who still hadn't patched/brought down public-facing OpenSSL implementations.