THE BORE

General => The Superdeep Borehole => Topic started by: Great Rumbler on April 09, 2014, 09:37:46 AM

Title: Major OpenSSL vulnerability found, thousands of websites could be affected
Post by: Great Rumbler on April 09, 2014, 09:37:46 AM

Quote from: http://www.washingtonpost.com/news/morning-mix/wp/2014/04/09/major-bug-called-heartbleed-exposes-data-across-the-internet

A newly discovered security bug nicknamed Heartbleed has exposed millions of usernames, passwords and reportedly credit card numbers — a major problem that hackers could have exploited during the more than two years it went undetected.

It’s unlike most of the breaches reported over the past few years, in which one Web site or another got hacked or let its guard down. The flaw this time is in code designed to keep servers secure — tens of thousands of servers on which data is stored for thousands of sites.

That’s why some experts were calling Heartbleed the worst bug yet, something that should worry everyone who frequents the Internet or does business on it.

Quote

The bug was found in a type of software called OpenSSL, which is used on servers to encrypt sensitive information to protect people’s privacy. At least 500,000 servers were reportedly vulnerable.

“You should care about this because — whether you realize it or not — a hell of a lot of the security infrastructure you rely on is dependent in some way on OpenSSL,” Matthew Green, a cryptographer and research professor at Johns Hopkins University, said on his blog. “This includes many of the websites that store your personal information. And for better or for worse, industry’s reliance on OpenSSL is only increasing.”

Through the security flaw, which is said to be one of the most serious uncovered in recent years, Heartbleed can access the contents of a server’s memory where private data is stored.

:goty

Title: Re: Major OpenSSL vulnerability found, thousands of websites could be affected
Post by: demi on April 09, 2014, 09:43:36 AM

This has been making the rounds for the past few days, afaik.

I dont have SSL on here, but I did get the patch installed. So if you're concerned, change your password now.

I dont think you have anything to worry about, though.

Title: Re: Major OpenSSL vulnerability found, thousands of websites could be affected
Post by: Great Rumbler on April 09, 2014, 09:47:34 AM

:bow demi :bow2

Title: Re: Major OpenSSL vulnerability found, thousands of websites could be affected
Post by: Momo on April 09, 2014, 10:31:56 AM

Already secured my shit, it's a rather simple exploit.

Title: Re: Major OpenSSL vulnerability found, thousands of websites could be affected
Post by: Joe Molotov on April 09, 2014, 10:40:32 AM

Long-haired open source liberal hippie technocommunists lose again.

Title: Re: Major OpenSSL vulnerability found, thousands of websites could be affected
Post by: Brehvolution on April 10, 2014, 10:09:56 AM

My permission to search the site seems to have been denied. Did I do something wrong or is because of recent changes?

Title: Re: Major OpenSSL vulnerability found, thousands of websites could be affected
Post by: demi on April 10, 2014, 10:22:11 AM

I disabled it for now while I work on it. Sorry.

Title: Re: Major OpenSSL vulnerability found, thousands of websites could be affected
Post by: Brehvolution on April 10, 2014, 10:26:25 AM

No problem. Thanks for the quick reply.