  • Tech Discussion Heartbleed bug
    The Heartbleed computer vulnerability is caused by the heartbeat command in some versions of OpenSSL returning far more data from the web server to the client than it should.
    This can be exploited by a malicious user to get the web server to send large portions of its RAM content back to the user, including sensitive information such as user IDs, passwords, encryption keys and credit card numbers.

    Only web sites that have the https protocol enabled and are using the v1.0.1 or v1.0.2-beta releases of OpenSSL are affected, including 1.0.1f and 1.0.2-beta1.
    The Heartbleed vulnerability has been patched in OpenSSL v1.0.1g. It will also be patched in the forthcoming v1.0.2-beta2 release.
    The OpenSSL software is a ubiquitous software component that is installed on an estimated 2/3 of all the web servers on the Internet.

    From the OpenSSL.org web site:
    Quote: CVE-2014-0160: 7th April 2014

    A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64kB of memory to a connected client or server. This issue did not affect versions of OpenSSL prior to 1.0.1. Reported by Neel Mehta.

    Fixed in OpenSSL 1.0.1g (Affected 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1)

    You can test if a https enabled web site that you use has the vulnerability by typing in its URL in the box provided on this web page:
    Test Your Server For Heartbleed (CVE-2014-0160)

    Read more here:
    What you need to know about Heartbleed
    'Heartbleed' computer bug threat spreads to firewalls and beyond
    (This post was last modified: 04-12-2014, 03:59 PM by velvetfog.)

    Never underestimate the power of human stupidity.
    - Robert A. Heinlein
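
The bounds check that the advisory quoted above describes as missing, shown as an added example that is not part of the original post and is not OpenSSL's own code. It assumes the RFC 6520 heartbeat layout (1-byte type, 2-byte payload length, payload, at least 16 bytes of padding); all function names and the two sample records are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_HEADER   3   /* 1-byte type + 2-byte payload_length */
#define HB_PADDING  16  /* minimum padding in RFC 6520 */

/* Constructed samples: both carry 4 payload bytes; LYING claims 65535. */
static const uint8_t HONEST[23] = {HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g'};
static const uint8_t LYING[23]  = {HB_REQUEST, 0xff, 0xff, 'p', 'i', 'n', 'g'};
static uint8_t hb_out[64];

/* Payload length the sender claims (big-endian, bytes 1..2). */
static size_t hb_claimed(const uint8_t *rec) {
    return ((size_t)rec[1] << 8) | rec[2];
}

/* Bytes past the end of the record that a copy of the claimed length
 * would touch without the check. Computed only; nothing is read. */
size_t hb_overread(const uint8_t *rec, size_t rec_len) {
    if (rec_len < HB_HEADER) return 0;
    size_t end = HB_HEADER + hb_claimed(rec);
    return end > rec_len ? end - rec_len : 0;
}

/* Build the response in out. Returns bytes written, or 0 when the
 * request is silently discarded. */
size_t hb_respond(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t cap) {
    if (rec_len < HB_HEADER + HB_PADDING || rec[0] != HB_REQUEST) return 0;
    size_t payload = hb_claimed(rec);
    size_t total = HB_HEADER + payload + HB_PADDING;
    if (total > rec_len) return 0;   /* the bounds check */
    if (total > cap) return 0;       /* never overrun the output either */
    out[0] = HB_RESPONSE;
    out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, payload);
    memset(out + HB_HEADER + payload, 0, HB_PADDING); /* real stacks use random padding */
    return total;
}

int main(void) {
    size_t a = hb_respond(HONEST, sizeof HONEST, hb_out, sizeof hb_out);
    size_t b = hb_respond(LYING, sizeof LYING, hb_out, sizeof hb_out);
    printf("honest: reply=%zu overread=%zu\n", a, hb_overread(HONEST, sizeof HONEST));
    printf("lying:  reply=%zu overread=%zu\n", b, hb_overread(LYING, sizeof LYING));
    return 0;
}
```

The record whose length field matches its real payload is echoed back in full; the one that claims more than it carries is dropped before any copy takes place.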
    Researchers detected a vulnerable flaw by the name “Heartbleed” phishing scam in the most popular security encryption OpenSSL.