|
Hearbleed bug in OpenSSL
|
|
2014-04-10, 02:10
(This post was last modified: 2014-04-10 02:12 by mogey5101.)
Post: #1
|
|||||||
|
|||||||
|
Hearbleed bug in OpenSSL
http://heartbleed.com/
People at Google found a bug in OpenSSL that can allow an attacker to leak up to 64k of memory from the server. That memory can contain your encrypted traffic along with the SSL certificate and the decryption key. Don't trust any website you visit in the next couple of days before you check it using something like http://filippo.io/Heartbleed/ . Worst part? This bug has existed for over 2 years, you can actually view the github commit that included the bug here, so theres no way of telling whos abused this bug and where your data has gone. If you have SSL certificates for your site(s), revoke them, if you're using Linux or MaxOSX, update OpenSSL. |
|||||||
|
2014-04-10, 12:22
Post: #2
|
|||||||
|
|||||||
|
RE: Hearbleed bug in OpenSSL
It's in danish news today, and they suggest that we change our passwords on certain popular sites.
I wasn't aware of this before. |
|||||||
|
|
|||||||
![[TC] CityDriving Chief Constables](/images/groupimages/GroupImage-CC.png "[TC] CityDriving Chief Constables")
|
2014-04-10, 12:55
Post: #3
|
|||||||
|
|||||||
|
RE: Hearbleed bug in OpenSSL
OpenSSL is a bit of a mess to be honest. But I guess we still don't have many better options.
|
|||||||
|
|
|||||||
|
2014-04-10, 15:07
(This post was last modified: 2014-04-10 15:07 by Pete.)
Post: #4
|
|||||||
|
|||||||
RE: Hearbleed bug in OpenSSL
![[Image: heartbleed.png]](http://imgs.xkcd.com/comics/heartbleed.png)
|
|||||||
|
|
|||||||
![[TC] Team Leaders](/images/groupimages/GroupImage-TeamLeader.png "[TC] Team Leaders")
|
2014-04-10, 15:09
Post: #5
|
|||||||
|
|||||||
|
RE: Hearbleed bug in OpenSSL
Heatbleed apperantly was abused in Nov. 2013 from 2 computers which are part of a botnet to read chatlogs from the Freenode IRC Network.
German source: http://www.golem.de/news/openssl-bug-spu...05782.html |
|||||||
|
|
|||||||
|
2014-04-10, 15:23
Post: #6
|
|||||||
|
|||||||
| RE: Hearbleed bug in OpenSSL | |||||||
|
|
|||||||
|
2014-04-10, 16:47
Post: #7
|
|||||||
|
|||||||
| RE: Hearbleed bug in OpenSSL | |||||||
|
|
|||||||
|
2014-04-10, 17:14
Post: #8
|
|||||||
|
|||||||
| RE: Hearbleed bug in OpenSSL | |||||||
|
|
|||||||
|
2014-04-10, 23:22
Post: #9
|
|||||||
|
|||||||
| RE: Hearbleed bug in OpenSSL | |||||||
|
2014-04-11, 15:10
(This post was last modified: 2014-04-11 15:10 by Pete.)
Post: #10
|
|||||||
|
|||||||
|
RE: Hearbleed bug in OpenSSL
If you still have no idea what the Heartbleed bug is about:
![[Image: heartbleed_explanation.png]](http://imgs.xkcd.com/comics/heartbleed_explanation.png)
|
|||||||
|
|
|||||||
|
2014-04-11, 15:33
Post: #11
|
|||||||
|
|||||||
|
RE: Hearbleed bug in OpenSSL
Hmm that really clears it up. Thanks Pete!
|
|||||||
|
|||||||
|
« Next Oldest | Next Newest »
|
User(s) browsing this thread: 1 Guest(s)