Heartbleed bug
04-12-2014, 03:21 PM (This post was last modified: 04-12-2014 03:59 PM by velvetfog.)
Post: #1
Heartbleed bug
The Heartbleed computer vulnerability is caused by the heartbeat command in some versions of OpenSSL returning far more data from the web server to the client than it should.
This can be exploited by a malicious user to get the web server to send large portions of its RAM content back to the user, including sensitive information such as user IDs, passwords, encryption keys and credit card numbers.

Only web sites that have the https protocol enabled and are using the v1.0.1 or v1.0.2-beta releases of OpenSSL are affected, including 1.0.1f and 1.0.2-beta1.
The Heartbleed vulnerability has been patched in OpenSSL v1.0.1g. It will also be patched in the forthcoming v1.0.2-beta2 release.
The OpenSSL software is a ubiquitous software component that is installed on an estimated 2/3 of all the web servers on the Internet.

From the OpenSSL.org web site:
Quote: CVE-2014-0160: 7th April 2014

A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64kB of memory to a connected client or server. This issue did not affect versions of OpenSSL prior to 1.0.1. Reported by Neel Mehta.

Fixed in OpenSSL 1.0.1g (Affected 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1)

You can test if a https enabled web site that you use has the vulnerability by typing in its URL in the box provided on this web page:
http://filippo.io/Heartbleed/


Read more here:
What you need to know about Heartbleed
'Heartbleed' computer bug threat spreads to firewalls and beyond

Never underestimate the power of human stupidity.
- Robert A. Heinlein
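
Added illustration for this thread (not part of either post and not OpenSSL's source): a simplified C model of the missing bounds check described in the advisory quoted in post #1, beside the corrected check. The function names, the arena layout and the marker string are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { HB_REQUEST = 1, HB_RESPONSE = 2, HB_PADDING = 16 }; /* RFC 6520 values */

/* Simplified model of a heartbeat handler, not OpenSSL source.
 * rec/rec_len: received message (type, 2-byte length, payload, padding).
 * Returns the reply length written to out, or 0 if the message is dropped. */
static size_t echo(const uint8_t *rec, size_t claimed, uint8_t *out)
{
    out[0] = HB_RESPONSE; out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + 3, rec + 3, claimed);
    memset(out + 3 + claimed, 0, HB_PADDING);
    return 3 + claimed + HB_PADDING;
}

/* Flawed pattern: copy length taken from the peer's length field alone. */
size_t hb_reply_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out)
{
    (void)rec_len;                        /* real message size never consulted */
    return echo(rec, ((size_t)rec[1] << 8) | rec[2], out);
}

/* Corrected pattern: the claimed length must fit inside what was received. */
size_t hb_reply_checked(const uint8_t *rec, size_t rec_len, uint8_t *out)
{
    if (rec_len < 1 + 2 + HB_PADDING || rec[0] != HB_REQUEST) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (1 + 2 + claimed + HB_PADDING > rec_len) return 0;  /* discard silently */
    return echo(rec, claimed, out);
}

/* Constructed demo: a 21-byte message carrying 2 payload bytes sits in an arena
 * next to unrelated data. Returns 1 if that data appears in the reply.
 * Keep claimed <= 125 so the model itself never reads outside the arena. */
static uint8_t arena[128], reply[3 + 65535 + HB_PADDING];
static const char neighbour[] = "CONSTRUCTED-SECRET";

int demo_leaks(size_t (*handler)(const uint8_t *, size_t, uint8_t *), uint8_t claimed)
{
    const size_t rec_len = 3 + 2 + HB_PADDING, mark = sizeof neighbour - 1;
    memset(arena, 0, sizeof arena);
    arena[0] = HB_REQUEST; arena[2] = claimed; arena[3] = 'h'; arena[4] = 'i';
    memcpy(arena + rec_len, neighbour, mark);
    size_t n = handler(arena, rec_len, reply);
    return n >= rec_len + mark && memcmp(reply + rec_len, neighbour, mark) == 0;
}
```

The 16-bit length field is why the advisory's ceiling is 64kB per reply: the unchecked copy can never be told to return more than 65535 bytes.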
04-18-2014, 07:49 AM
Post: #2
RE: Heartbleed bug
Researchers detected a vulnerable flaw by the name “Heartbleed” phishing scam in the most popular security encryption OpenSSL.
http://rankhive.com/security-risk-heartb...hing-scam/