
Heartbleed

Posted on 04-13-14 02:21:02 PM (last edited by divingkataetheweirdo at 04-13-14 02:24:29 PM)
For those unaware, it's a real pain in the behind. It's an OpenSSL exploit that allows one to read the memory of a server using a request to get a server's keys to reveal passwords. You can access up to 64 KB at a time, but it can be repeated constantly to get all of the needed info. The current advice is to wait until the bug is fixed, then change your password.

Considering Yahoo is/was using a vulnerable version of OpenSSL...

Also, the NSA is rumored to have been using it to hack accounts, but they are denying they even knew about its existence.
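
The over-read described in the post above came from trusting the length field inside a TLS heartbeat request (RFC 6520) instead of the number of bytes actually received. The following is an added example, not part of the original post and not OpenSSL's code, showing the bounds check that stops it; `hb_build_response` and the sample records are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1   /* heartbeat_request (RFC 6520) */
#define HB_RESPONSE 2   /* heartbeat_response */
#define HB_MIN_PAD  16  /* minimum padding required by RFC 6520 */

/* Constructed samples: an honest 4-byte payload, and a request that
 * claims 0x4000 payload bytes while carrying none. */
static const uint8_t SAMPLE_OK[3 + 4 + HB_MIN_PAD] = { HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g' };
static const uint8_t SAMPLE_OVERCLAIM[3 + HB_MIN_PAD] = { HB_REQUEST, 0x40, 0x00 };

/* Build the reply to heartbeat record rec[0..rec_len) in out.
 * Returns the reply length, or 0 when the request is silently dropped.
 * hb_build_response is a hypothetical name, not an OpenSSL function. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    /* Must hold type (1) + payload_length (2) + minimum padding. */
    if (rec_len < 1 + 2 + HB_MIN_PAD || rec[0] != HB_REQUEST)
        return 0;

    /* Sender-supplied length: untrusted, anything up to 65535. */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];

    /* Claimed payload must fit inside the bytes actually received. */
    if (claimed > rec_len - 1 - 2 - HB_MIN_PAD)
        return 0;

    size_t reply_len = 1 + 2 + claimed + HB_MIN_PAD;
    if (reply_len > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, claimed);         /* echo received bytes only */
    memset(out + 3 + claimed, 0, HB_MIN_PAD);  /* real stacks use random padding */
    return reply_len;
}

int main(void)
{
    uint8_t out[64];
    printf("honest: %zu\n", hb_build_response(SAMPLE_OK, sizeof SAMPLE_OK, out, sizeof out));
    printf("overclaim: %zu\n", hb_build_response(SAMPLE_OVERCLAIM, sizeof SAMPLE_OVERCLAIM, out, sizeof out));
    return 0;
}
```

Without the `claimed > rec_len - ...` comparison, the `memcpy` would copy whatever sits in memory after the received record, which is the leak the post describes.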
Posted on 04-14-14 03:52:13 PM
I felt like linking to a video of the PoC Python script, just for those who wanted to see a demonstration of the bug.

Posted on 06-25-14 02:23:38 PM
And this is why we don't:

  • Write horrible ugly shitty code that nobody can read

  • Assume code is safe when you can't read it

  • Try to be clever with syscalls

  • Fail to thoroughly test security-critical code

When people say open source is more secure, the whole reason for that is because you can look at the code and see if it's sane. Writing code that nobody can fucking read isn't much better than not publishing the code at all.