Author Topic: Major OpenSSL vulnerability found, thousands of websites could be affected (Read 719 times)

Great Rumbler · « **on:** April 09, 2014, 09:37:46 AM »

Quote from: http://www.washingtonpost.com/news/morning-mix/wp/2014/04/09/major-bug-called-heartbleed-exposes-data-across-the-internet

A newly discovered security bug nicknamed Heartbleed has exposed millions of usernames, passwords and reportedly credit card numbers — a major problem that hackers could have exploited during the more than two years it went undetected.

It’s unlike most of the breaches reported over the past few years, in which one Web site or another got hacked or let its guard down. The flaw this time is in code designed to keep servers secure — tens of thousands of servers on which data is stored for thousands of sites.

That’s why some experts were calling Heartbleed the worst bug yet, something that should worry everyone who frequents the Internet or does business on it.

Quote

The bug was found in a type of software called OpenSSL, which is used on servers to encrypt sensitive information to protect people’s privacy. At least 500,000 servers were reportedly vulnerable.

“You should care about this because — whether you realize it or not — a hell of a lot of the security infrastructure you rely on is dependent in some way on OpenSSL,” Matthew Green, a cryptographer and research professor at Johns Hopkins University, said on his blog. “This includes many of the websites that store your personal information. And for better or for worse, industry’s reliance on OpenSSL is only increasing.”

Through the security flaw, which is said to be one of the most serious uncovered in recent years, Heartbleed can access the contents of a server’s memory where private data is stored.

demi · « **Reply #1 on:** April 09, 2014, 09:43:36 AM »

This has been making the rounds for the past few days, afaik.

I dont have SSL on here, but I did get the patch installed. So if you're concerned, change your password now.

I dont think you have anything to worry about, though.

Great Rumbler · « **Reply #2 on:** April 09, 2014, 09:47:34 AM »

demi

Momo · « **Reply #3 on:** April 09, 2014, 10:31:56 AM »

Already secured my shit, it's a rather simple exploit.

Joe Molotov · « **Reply #4 on:** April 09, 2014, 10:40:32 AM »

Long-haired open source liberal hippie technocommunists lose again.

Brehvolution · « **Reply #5 on:** April 10, 2014, 10:09:56 AM »

My permission to search the site seems to have been denied. Did I do something wrong or is because of recent changes?

demi · « **Reply #6 on:** April 10, 2014, 10:22:11 AM »

I disabled it for now while I work on it. Sorry.

Brehvolution · « **Reply #7 on:** April 10, 2014, 10:26:25 AM »

No problem. Thanks for the quick reply.

News: