ABXZone Computer  Forums



Old 04-09-2014, 08:04 PM   #1
zapionics<alt>
<unknown level>
Join Date: Dec 2002
Location: AUSTRALIA
Posts: 6,105
Heartbleed is a Catastrophic bug

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

"There is no limit on the number of attacks that can be performed," cyber-defence specialists at Fox-IT said in a blog post.

This is the big one we've been dreading with the current version of OpenSSL completely compromised. The only defence seems to be complete renewal of all private/public key pairs and re-issue of all certificates. Not only that, but all account passwords need to be replaced on the basis that they may have been compromised by multiple agencies.

Of course replacing your passwords should only be done after your service providers have updated all their web servers with the patch, new keys and certificates. That may take some time.

Personally, I would have to assume that the big institutions have been compromised and go from there.

Repeating; this is a complete failure of the current version of OpenSSL. All keys and certificates are compromised. All sites need to be patched and updated and all users need to update their passwords on all devices. I think OpenSSL is in widespread use by most of our institutions, government agencies, service providers and small to medium size businesses.

Story here
__________________
"You Cannot Hide..."

Last edited by zapionics<alt>; 04-09-2014 at 08:09 PM..
Old 04-09-2014, 08:32 PM   #2
zapionics<alt>
<unknown level>
Join Date: Dec 2002
Location: AUSTRALIA
Posts: 6,105
Re: Heartbleed is a Catastrophic bug

OpenSSL versions 1.0.1 through 1.0.1f (inclusive) are vulnerable. I should mention that OSes that shipped with any of these will be compromised out of the box. I'm also wondering about appliances, such as cloud servers.

Obviously all messages previously encrypted and sent are compromised. A lot of these get stored and archived. I suppose the information goes stale, especially financial data, but it's still pretty disappointing.
__________________
"You Cannot Hide..."
(Offline)   Reply With Quote
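
The version range given in the post above can be turned into a quick inventory triage over `openssl version -a` output. This is an added example, not part of the thread: the `-DOPENSSL_NO_HEARTBEATS` build flag and the 1.0.1g release date come from outside the thread, and the verdict names and sample hosts are constructed.

```python
import re
from datetime import date

# Affected range as stated in the post above: 1.0.1 through 1.0.1f inclusive.
AFFECTED_BASE = (1, 0, 1)
LAST_AFFECTED_LETTER = "f"
FIX_RELEASED = date(2014, 4, 7)  # from outside the thread: release date of 1.0.1g

VERSION_RE = re.compile(r"OpenSSL (\d+)\.(\d+)\.(\d+)([a-z]?)(-(?:beta|pre|dev)\w*)?")
BUILT_RE = re.compile(r"built on:.*?([A-Z][a-z]{2})\s+(\d{1,2})\s.*?(\d{4})\s*$", re.M)
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

def build_date(text):
    """Return the 'built on' date from `openssl version -a` output, or None."""
    m = BUILT_RE.search(text)
    if not m or m.group(1) not in MONTHS:
        return None
    return date(int(m.group(3)), MONTHS.index(m.group(1)) + 1, int(m.group(2)))

def classify(text):
    """Triage one host's `openssl version -a` output (verdict names are made up here)."""
    m = VERSION_RE.search(text)
    if not m or m.group(5):
        return "unknown"          # unparseable, or a pre-release the stated range does not cover
    base = tuple(int(n) for n in m.group(1, 2, 3))
    if base != AFFECTED_BASE or m.group(4) > LAST_AFFECTED_LETTER:
        return "not-affected"
    if "-DOPENSSL_NO_HEARTBEATS" in text:
        return "mitigated"        # heartbeat support compiled out of this build
    built = build_date(text)
    if built and built >= FIX_RELEASED:
        return "verify-package"   # old version string, new build: possibly a vendor backport
    return "vulnerable"

SAMPLES = {  # constructed `openssl version -a` excerpts, not taken from real hosts
    "web01": "OpenSSL 1.0.1e 11 Feb 2013\nbuilt on: Tue Jun  4 07:26:06 UTC 2013\ncompiler: gcc -O2",
    "web02": "OpenSSL 1.0.1e 11 Feb 2013\nbuilt on: Mon Apr  7 20:33:29 UTC 2014\ncompiler: gcc -O2",
    "vpn01": "OpenSSL 1.0.1c 10 May 2012\nbuilt on: Wed Jan  2 18:45:51 UTC 2013\ncompiler: gcc -DOPENSSL_NO_HEARTBEATS",
    "old01": "OpenSSL 0.9.8y 5 Feb 2013\nbuilt on: Fri Mar  1 10:00:00 UTC 2013\ncompiler: gcc",
    "new01": "OpenSSL 1.0.1g 7 Apr 2014\nbuilt on: Tue Apr  8 09:12:44 UTC 2014\ncompiler: gcc",
}

def triage(samples):
    """Map each host name to its verdict."""
    return {host: classify(out) for host, out in samples.items()}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLES).items():
        print(f"{host}: {verdict}")
```

A "verify-package" verdict is only a prompt to read the vendor's package changelog; a build date on its own does not prove the fix was backported.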
Old 04-09-2014, 10:19 PM   #3
Sandog
Moderator
Join Date: May 2003
Location: Alabama
Posts: 18,106
Re: Heartbleed is a Catastrophic bug

Sounds scary, hope MS patches it.
__________________
Windows 10 Pro / Corsair 760T Arctic White / ASUS ROG RAMPAGE VI APEX / Intel i7-7820X / ASUS ROG-STRIX-GTX1080-O8G-11GBPS / Corsair Dominator Platinum ROG Edition 32GB DDR4 DRAM 3200MHz C16 / SeaSonic Prime 750W Titanium / ASUS ROG SWIFT PG348Q / Intel Optane SSD 900P 480GB / Samsung 850 Pro 1TB / Ducky YoTS / ASUS ROG GLADIUS II / ASUS Essence STX / Audioengine HDP6, N22, S8 / AKG K712 PRO


Old 04-09-2014, 11:44 PM   #4
traveler
Where to next?
Join Date: May 2001
Location: South Florida
Posts: 19,787
Yeah ... especially for XP !!!!!!! We need that XP patch right away.




Old 04-10-2014, 03:53 AM   #5
zapionics<alt>
<unknown level>
Join Date: Dec 2002
Location: AUSTRALIA
Posts: 6,105
Re: Heartbleed is a Catastrophic bug

It looks like Yahoo mail is gone, if you have an account with them you need to update your password at least, or just get out.
In the meantime, readers should steer clear of Yahoo Mail and any other sites that are still running vulnerable versions of OpenSSL.
Link

There's also exposure to routers. I don't know about you guys, but I have no clue how to patch my router; I don't even think it's possible.
__________________
"You Cannot Hide..."
Old 04-10-2014, 04:19 AM   #6
zapionics<alt>
<unknown level>
Join Date: Dec 2002
Location: AUSTRALIA
Posts: 6,105
Re: Heartbleed is a Catastrophic bug

Some information here, "What the Heartbleed Security Bug Means for You"
Even if a site is patched, you won't know if they were exposed previously, so if they don't post a statement then you still should update your passwords.
__________________
"You Cannot Hide..."
Old 04-10-2014, 08:06 AM   #7
Sandog
Moderator
Join Date: May 2003
Location: Alabama
Posts: 18,106
Re: Heartbleed is a Catastrophic bug

My ISP expired my mail exchange password the other day.
__________________
Windows 10 Pro / Corsair 760T Arctic White / ASUS ROG RAMPAGE VI APEX / Intel i7-7820X / ASUS ROG-STRIX-GTX1080-O8G-11GBPS / Corsair Dominator Platinum ROG Edition 32GB DDR4 DRAM 3200MHz C16 / SeaSonic Prime 750W Titanium / ASUS ROG SWIFT PG348Q / Intel Optane SSD 900P 480GB / Samsung 850 Pro 1TB / Ducky YoTS / ASUS ROG GLADIUS II / ASUS Essence STX / Audioengine HDP6, N22, S8 / AKG K712 PRO


Old 04-22-2014, 04:05 AM   #8
Whammamoosha
Airborne Gadget Snatcher
Join Date: Nov 2003
Location: Rio de Janeiro, Brazil
Posts: 652
Re: Heartbleed is a Catastrophic bug

Could it affect an ARRIS cable modem over 802.11 (OTA exposure)?
__________________
Earthly by birth,
Watery by affinity,
Airborne by imagination,
Cosmic by goal.
Old 04-22-2014, 09:40 AM   #9
fvbounty
Registered User
Join Date: Nov 2002
Location: Alameda Ca
Posts: 20,409
Re: Heartbleed is a Catastrophic bug

There are a lot of sites that were not affected, I only had to change a few passwords!

The Heartbleed Hit List: The Passwords You Need to Change Right Now
__________________
Asus ROG RAMPAGE VI APEX, Intel I7 7820K Cooled by Noctua NH D15S, 32 Gigs Corsair Dominator Platinum CMD32GX4M4A2666C15, Asus GTX 980 TI Strix, Samsung 950 Pro 512 Gig NVMe SSD W10 PRO, Samsung 840 EVO 500 gig data, 1 TB WD Black data, Corsair 540 case with Corsair HXi750 PS, Dell UltraSharp U3415W 34" monitor, Ducky Shine 5 RGB Keyboard, Mionix Naos 7000 mouse, AudioEngine A5+ Speakers driven by Asus Xonar U7 MKII USB sound card, AKG 7XX Red Limited Edition Headphones ....and some other stuff!


Old 04-22-2014, 08:43 PM   #10
zapionics<alt>
<unknown level>
Join Date: Dec 2002
Location: AUSTRALIA
Posts: 6,105
Re: Heartbleed is a Catastrophic bug

So many banks claim they were not affected, what a surprise, hehe.
Seriously, I'd consider changing passwords everywhere at this point, especially if they involve money or sensitive information. I'd also consider the risk of identity theft or the impacts of losing control of a service if it's hijacked.

Why is it that in hindsight things are obvious but not at the time? Something to do with adaptive learning, I think. For example it probably took 100,000 years before someone invented the wheel, but I'm sure that the very next day everyone else was copying it.
__________________
"You Cannot Hide..."
Old 04-22-2014, 09:12 PM   #11
zapionics<alt>
<unknown level>
Join Date: Dec 2002
Location: AUSTRALIA
Posts: 6,105
Re: Heartbleed is a Catastrophic bug

Quote:
Originally Posted by Whammamoosha View Post
Could it affect an ARRIS cable modem over 802.11 (OTA exposure)?
Modem-Routers using OpenSSL between versions 1.0.1 (excluding 1.0.1g) and 1.0.2 are affected and need their firmware to be updated, if possible.
I'd be checking their support site to understand how your particular device is impacted. I think only Cisco is publishing much info at the moment though.
__________________
"You Cannot Hide..."
Old 04-25-2014, 03:14 PM   #12
Whammamoosha
Airborne Gadget Snatcher
Join Date: Nov 2003
Location: Rio de Janeiro, Brazil
Posts: 652
Re: Heartbleed is a Catastrophic bug

Quote:
Originally Posted by zapionics<alt> View Post
Modem-Routers using OpenSSL between versions 1.0.1 (excluding 1.0.1g) and 1.0.2 are affected and need their firmware to be updated, if possible.
I'd be checking their support site to understand how your particular device is impacted. I think only Cisco is publishing much info at the moment though.
My modem/router model is TG862A/BR, its firmware is pretty outdated (2011). Looks like the carrier isn't going to issue an update.
__________________
Earthly by birth,
Watery by affinity,
Airborne by imagination,
Cosmic by goal.