Jul - News - Heartbleed
divingkataetheweirdo

Posted on 04-13-14 02:21:02 PM (last edited by divingkataetheweirdo at 04-13-14 02:24:29 PM)
For those unaware, it's a real pain in the behind. It's an OpenSSL exploit that allows one to read the memory of a server using a request to get a server's keys to reveal passwords. You can access up to 64kb at a time, but it can be repeated constantly to get all of the needed info. The current advice is to wait until the bug is fixed, then change your password.

Considering Yahoo is/was using a vulnerable version of OpenSSL...

Also, the NSA is rumored to have been using it to hack accounts, but they are denying they even knew about its existence.
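The "up to 64kb at a time" figure comes from the 16-bit payload length field in a TLS heartbeat request (RFC 6520), which the vulnerable code trusted without comparing it to the size of the record it had actually received. The following is an added example, not part of this thread and not OpenSSL's code, showing a responder that applies that comparison; the function name `hb_build_response` and the sample records are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_HDR_LEN  3   /* type (1 byte) + payload_length (2 bytes) */
#define HB_MIN_PAD  16  /* minimum padding required by RFC 6520 */

/* Constructed sample records: 4-byte payload "ping" plus 16 bytes of padding. */
static const uint8_t hb_honest[HB_HDR_LEN + 4 + HB_MIN_PAD] =
    { HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g' };
/* Same number of bytes received, but the length field claims 0xFFFF (65535). */
static const uint8_t hb_overclaim[HB_HDR_LEN + 4 + HB_MIN_PAD] =
    { HB_REQUEST, 0xFF, 0xFF, 'p', 'i', 'n', 'g' };

/* Build the echo response into out. Returns its length, or -1 when the
 * record must be dropped. rec_len is the size of the record actually
 * received, never a value taken from the peer's message. */
long hb_build_response(const uint8_t *rec, size_t rec_len,
                       uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HDR_LEN + HB_MIN_PAD || rec[0] != HB_REQUEST)
        return -1;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    /* Without this check, the memcpy below would copy up to 64 KB of
     * whatever sits in memory after the received record. */
    if (HB_HDR_LEN + claimed + HB_MIN_PAD > rec_len)
        return -1;
    size_t resp_len = HB_HDR_LEN + claimed + HB_MIN_PAD;
    if (resp_len > out_cap)
        return -1;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HDR_LEN, rec + HB_HDR_LEN, claimed);
    memset(out + HB_HDR_LEN + claimed, 0, HB_MIN_PAD); /* simplification: RFC 6520 padding is random */
    return (long)resp_len;
}

int main(void)
{
    uint8_t out[64];
    printf("honest:    %ld\n", hb_build_response(hb_honest, sizeof hb_honest, out, sizeof out));
    printf("overclaim: %ld\n", hb_build_response(hb_overclaim, sizeof hb_overclaim, out, sizeof out));
    return 0;
}
```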
Kak

Posted on 04-14-14 03:52:13 PM
I felt about linking to a video of the POC Python script just for those who wanted to see a demonstration of the bug

Rena

Posted on 06-25-14 02:23:38 PM
And this is why we don't:


  • Write horrible ugly shitty code that nobody can read
  • Assume code is safe when you can't read it
  • Try to be clever with syscalls
  • Fail to thoroughly test security-critical code

When people say open source is more secure, the whole reason for that is because you can look at the code and see if it's sane. Writing code that nobody can fucking read isn't much better than not publishing the code at all.