Jul - News - Heartbleed
divingkataetheweirdo

Posted on 04-13-14 02:21:02 PM (last edited by divingkataetheweirdo at 04-13-14 02:24:29 PM)
For those unaware, it's a real pain in the behind. It's an OpenSSL exploit that allows one to read the memory of a server using a request to get a server's keys to reveal passwords. You can access up to 64kb at a time, but it can be repeated constantly to get all of the needed info. The current advice is to wait until the bug is fixed, then change your password.

Considering Yahoo is/was using a vulnerable version of OpenSSL...

Also, the NSA is rumored to have been using it to hack accounts, but they are denying they even knew about its existence.
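
As an added illustration of the bug described in the post above (not part of the original thread and not OpenSSL's own code), this simplified C model shows the bounds check whose absence allowed the over-read, and why one request tops out near 64 KB. The record layout (type byte, 2-byte payload length, payload, at least 16 bytes of padding) is taken from the TLS heartbeat extension rather than from the thread, and the function names and sample records are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { HB_REQUEST = 1, HB_RESPONSE = 2 };
#define HB_HEADER  ((size_t)3)   /* type byte + 2-byte payload length */
#define HB_MIN_PAD ((size_t)16)  /* minimum padding per heartbeat message */

/* Payload length the sender claims: 16-bit big-endian, so at most 65535. */
static size_t claimed_len(const uint8_t *rec) {
    return ((size_t)rec[1] << 8) | rec[2];
}

/* Bytes past the end of the received record that a responder trusting the
 * claimed length would copy. Computed arithmetically; nothing is read. */
size_t overread_without_check(const uint8_t *rec, size_t rec_len) {
    if (rec_len < HB_HEADER) return 0;
    size_t end = HB_HEADER + claimed_len(rec);
    return end > rec_len ? end - rec_len : 0;
}

/* Hardened responder: echoes the payload only when the claimed length fits in
 * the record actually received. Returns the response length, 0 = discard. */
size_t heartbeat_respond(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap) {
    if (rec_len < HB_HEADER + HB_MIN_PAD) return 0;  /* too short to be valid */
    if (rec[0] != HB_REQUEST) return 0;
    size_t n = claimed_len(rec), resp_len = HB_HEADER + n + HB_MIN_PAD;
    if (resp_len > rec_len || resp_len > out_cap) return 0;  /* claim > record */
    out[0] = HB_RESPONSE; out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, n);
    memset(out + HB_HEADER + n, 0, HB_MIN_PAD);  /* real stacks pad randomly */
    return resp_len;
}

int main(void) {
    /* Constructed records: type, length (2 bytes), payload, zero padding. */
    uint8_t honest[3 + 4 + 16] = {1, 0x00, 0x04, 'p', 'i', 'n', 'g'};
    uint8_t lying[3 + 1 + 16]  = {1, 0xFF, 0xFF, 'x'};
    uint8_t out[64];
    printf("honest: reply %zu bytes, unchecked over-read %zu bytes\n",
           heartbeat_respond(honest, sizeof honest, out, sizeof out),
           overread_without_check(honest, sizeof honest));
    printf("lying:  reply %zu bytes, unchecked over-read %zu bytes\n",
           heartbeat_respond(lying, sizeof lying, out, sizeof out),
           overread_without_check(lying, sizeof lying));
    return 0;
}
```

The second record claims a 65535-byte payload while carrying one byte, so the hardened responder discards it, and the over-read figure shows how much adjacent memory an unchecked copy would have echoed back.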
Kak

Posted on 04-14-14 03:52:13 PM
I felt like linking to a video of the POC Python script, just for those who wanted to see a demonstration of the bug.

Video: https://www.youtube.com/v/UhpqexK2epc
Rena

Posted on 06-25-14 02:23:38 PM
And this is why we don't:

  • Write horrible ugly shitty code that nobody can read
  • Assume code is safe when you can't read it
  • Try to be clever with syscalls
  • Fail to thoroughly test security-critical code

When people say open source is more secure, the whole reason for that is because you can look at the code and see if it's sane. Writing code that nobody can fucking read isn't much better than not publishing the code at all.