![[TC] Gaming Forums](https://forum.city-driving.co.uk/images/logo.gif "[TC] Gaming Forums"){kind=logo}
+- [TC] Gaming Forums (https://forum.city-driving.co.uk)
+-- Forum: Community Area (/forumdisplay.php?fid=14)
+--- Forum: Technology Area (/forumdisplay.php?fid=82)
+---- Forum: Tech News (/forumdisplay.php?fid=83)
+---- Thread: Hearbleed bug in OpenSSL (/showthread.php?tid=11665)
Hearbleed bug in OpenSSL - mogey5101 - 2014-04-10 02:10
http://heartbleed.com/
People at Google found a bug in OpenSSL that can allow an attacker to leak up to 64k of memory from the server. That memory can contain your encrypted traffic along with the SSL certificate and the decryption key. Don't trust any website you visit in the next couple of days before you check it using something like http://filippo.io/Heartbleed/ .
Worst part? This bug has existed for over 2 years, you can actually view the github commit that included the bug here, so theres no way of telling whos abused this bug and where your data has gone.
If you have SSL certificates for your site(s), revoke them, if you're using Linux or MaxOSX, update OpenSSL.
RE: Hearbleed bug in OpenSSL - Ras - 2014-04-10 12:22
It's in danish news today, and they suggest that we change our passwords on certain popular sites.
I wasn't aware of this before.
RE: Hearbleed bug in OpenSSL - Audiojack - 2014-04-10 12:55
OpenSSL is a bit of a mess to be honest. But I guess we still don't have many better options.
RE: Hearbleed bug in OpenSSL - Pete - 2014-04-10 15:07
![[Image: heartbleed.png]](http://imgs.xkcd.com/comics/heartbleed.png)
RE: Hearbleed bug in OpenSSL - Kayla - 2014-04-10 15:09
Heatbleed apperantly was abused in Nov. 2013 from 2 computers which are part of a botnet to read chatlogs from the Freenode IRC Network.
German source:
http://www.golem.de/news/openssl-bug-spuren-von-heartbleed-schon-im-november-2013-1404-105782.html
RE: Hearbleed bug in OpenSSL - Chuck - 2014-04-10 15:23
(2014-04-10 15:09)Michi Wrote: .. to read chatlogs from the Freenode IRC Network.
Imagine someone breaks in and reads from our forum!
RE: Hearbleed bug in OpenSSL - Pete - 2014-04-10 16:47
(2014-04-10 15:23)Chuck Wrote:(2014-04-10 15:09)Michi Wrote: .. to read chatlogs from the Freenode IRC Network.
Imagine someone breaks in and reads from our forum!
Or finds your collection of "gentlemen's literature".
RE: Hearbleed bug in OpenSSL - Warped - 2014-04-10 17:14
"The passwords you need to change right now"
http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/?utm_cid=mash-com-fb-main-link
RE: Hearbleed bug in OpenSSL - mogey5101 - 2014-04-10 23:22
(2014-04-10 16:47)Pete Wrote:(2014-04-10 15:23)Chuck Wrote:(2014-04-10 15:09)Michi Wrote: .. to read chatlogs from the Freenode IRC Network.
Imagine someone breaks in and reads from our forum!
Or finds your collection of "gentlemen's literature".
Imagine the horrors!
RE: Hearbleed bug in OpenSSL - Pete - 2014-04-11 15:10
If you still have no idea what the Heartbleed bug is about:
![[Image: heartbleed_explanation.png]](http://imgs.xkcd.com/comics/heartbleed_explanation.png)
RE: Hearbleed bug in OpenSSL - FR4NOx - 2014-04-11 15:33
Hmm that really clears it up. Thanks Pete!