Jul -- News: Heartbleed

Register - Login
Views: 99392442	Main - Memberlist - Active users - Calendar - Wiki - IRC Chat - Online users Ranks - Rules/FAQ - Stats - Latest Posts - Color Chart - Smilies	04-24-22 10:08:01 AM

Jul - News - Heartbleed

Next newer thread | Next older thread

divingkataetheweirdo

Bandit
TCRF Super Editor
Level: 57

Posts: 415/822
EXP: 1479719
For next: 6209

Since: 07-09-11

Since last post: 1.6 years
Last activity: 253 days

Posted on 04-13-14 05:21:02 PM (last edited by divingkataetheweirdo at 04-13-14 05:24:29 PM)

Link | Quote

For those unaware, it's a real pain in the behind. It's an OpenSSL exploit that allows one to read the memory of server using a request to get a server's keys to reveal passwords. You can access up to 64kb at a time, but it can be repeated constantly to get all of the needed info. The current advice is to wait until the bug is fixed, then change your password.

Considering Yahoo is/was using a vulnerable version of OpenSSL...

Also, the NSA is rumored to have been using it to hack accounts, but they are denying they even about its existence.

____________________

Kak

...
Level: 80

Posts: 1170/1928
EXP: 4755091
For next: 27878

Since: 09-03-13

From: ???

Since last post: 60 days
Last activity: 57 days

Posted on 04-14-14 06:52:13 PM

Link | Quote

I felt about linking to a video of the POC Python script just for those who wanted to see a demonstration of the bug

<object width="420" height="315"><embed src="//www.youtube.com/v/UhpqexK2epc?hl=it_IT&version=3&rel=0" type="application/x-shockwave-flash" width="420" height="315" allowscriptaccess="always" allowfullscreen="true"></embed></object>

____________________

Links:
Profile	Send PM	My Youtube	Gaming Garbage

Rena
I had one (1) message in Discord deleted and proceeded to make a huge, huge mess about how it was a violation of free speech and how moderators are supposed to be spam janitors and nobody should have the right to tell me not to talk about school shootings
Level: 135

Posts: 5165/5390
EXP: 29051654
For next: 283351

Since: 07-22-07

Pronouns: he/him/whatever
From: RSP Segment 6

Since last post: 333 days
Last activity: 333 days

Posted on 06-25-14 05:23:38 PM

Link | Quote

Post #5165 · Wed 140625 132337

And this is why we don't:

Write horrible ugly shitty code that nobody can read
Assume code is safe when you can't read it
Try to be clever with syscalls
Fail to thoroughly test security-critical code

When people say open source is more secure, the whole reason for that is because you can look at the code and see if it's sane. Writing code that nobody can fucking read isn't much better than not publishing the code at all.

____________________

Programs

stuff goes here

Log out Shut down

Post #5165...[blag][Twitter][Freenet][My Arts]

Next newer thread | Next older thread

Jul - News - Heartbleed

Rusted Logic

Warning: You are using TidyHTML mode! Pages MAY and probably WILL break. To disable, click here or append 'xxx-off=1' to the URL!

Capturing turf before it was cool (click to hide in future page loads)

29 database queries.

Query execution time:	0.094825 seconds
Script execution time:	0.011564 seconds
Total render time:	0.106389 seconds

TidyHTML vomit below

line 1 column 1 - Warning: missing <!DOCTYPE> declaration
line 2 column 301 - Warning: unescaped & or unknown entity "&page"
line 119 column 11 - Warning: <form> isn't allowed in <table> elements
line 118 column 10 - Info: <table> previously mentioned
line 120 column 11 - Warning: missing <tr>
line 120 column 119 - Warning: missing </font> before </td>
line 124 column 16 - Warning: plain text isn't allowed in <tr> elements
line 120 column 11 - Info: <tr> previously mentioned
line 125 column 68 - Warning: missing </nobr> before </td>
line 141 column 68 - Warning: missing </nobr> before <tr>
line 147 column 35 - Warning: missing <tr>
line 147 column 50 - Warning: missing </font> before </td>
line 148 column 37 - Warning: unescaped & or unknown entity "&id"
line 147 column 162 - Warning: missing </font> before </table>
line 149 column 35 - Warning: missing <tr>
line 149 column 50 - Warning: missing </font> before </td>
line 149 column 91 - Warning: missing </font> before </table>
line 156 column 9 - Warning: <div> isn't allowed in <table> elements
line 152 column 17 - Info: <table> previously mentioned
line 158 column 9 - Warning: missing <tr>
line 176 column 13 - Warning: missing <tr>
line 177 column 102 - Warning: unescaped & or unknown entity "&postid"
line 186 column 9 - Warning: <div> isn't allowed in <table> elements
line 152 column 17 - Info: <table> previously mentioned
line 188 column 9 - Warning: missing <tr>
line 206 column 13 - Warning: missing <tr>
line 207 column 102 - Warning: unescaped & or unknown entity "&postid"
line 209 column 74 - Warning: <style> isn't allowed in <td> elements
line 209 column 9 - Info: <td> previously mentioned
line 211 column 1393 - Warning: discarding unexpected <param>
line 211 column 1486 - Warning: discarding unexpected </param>
line 211 column 1494 - Warning: discarding unexpected <param>
line 211 column 1537 - Warning: discarding unexpected </param>
line 211 column 1545 - Warning: discarding unexpected <param>
line 211 column 1592 - Warning: discarding unexpected </param>
line 211 column 1921 - Warning: missing <tr>
line 214 column 9 - Warning: <div> isn't allowed in <table> elements
line 152 column 17 - Info: <table> previously mentioned
line 216 column 9 - Warning: missing <tr>
line 234 column 13 - Warning: missing <tr>
line 235 column 102 - Warning: unescaped & or unknown entity "&postid"
line 240 column 1 - Warning: missing <li>
line 241 column 1 - Warning: missing <li>
line 242 column 1 - Warning: missing <li>
line 243 column 1 - Warning: missing <li>
line 244 column 1 - Warning: missing <li>
line 246 column 4896 - Warning: replacing unexpected input with </input>
line 246 column 5210 - Warning: discarding unexpected </span>
line 249 column 17 - Warning: missing <tr>
line 249 column 17 - Warning: discarding unexpected <table>
line 252 column 35 - Warning: missing <tr>
line 252 column 50 - Warning: missing </font> before </td>
line 252 column 91 - Warning: missing </font> before </table>
line 254 column 35 - Warning: missing <tr>
line 254 column 50 - Warning: missing </font> before </td>
line 255 column 37 - Warning: unescaped & or unknown entity "&id"
line 254 column 162 - Warning: missing </font> before </table>
line 256 column 17 - Warning: discarding unexpected </textarea>
line 256 column 28 - Warning: discarding unexpected </form>
line 256 column 35 - Warning: discarding unexpected </embed>
line 256 column 43 - Warning: discarding unexpected </noembed>
line 256 column 53 - Warning: discarding unexpected </noscript>
line 256 column 64 - Warning: discarding unexpected </noembed>
line 256 column 74 - Warning: discarding unexpected </embed>
line 256 column 82 - Warning: discarding unexpected </table>
line 256 column 90 - Warning: discarding unexpected </table>
line 258 column 9 - Warning: missing </font> before <table>
line 270 column 25 - Warning: discarding unexpected </font>
line 279 column 37 - Warning: discarding unexpected </font>
line 257 column 1 - Warning: missing </center>
line 120 column 63 - Warning: <img> lacks "alt" attribute
line 125 column 19 - Warning: <td> attribute "width" has invalid value "120px"
line 125 column 93 - Warning: <img> lacks "alt" attribute
line 141 column 19 - Warning: <td> attribute "width" has invalid value "120px"
line 141 column 98 - Warning: <img> lacks "alt" attribute
line 148 column 43 - Warning: <img> proprietary attribute value "absmiddle"
line 148 column 140 - Warning: <img> proprietary attribute value "absmiddle"
line 148 column 244 - Warning: <img> proprietary attribute value "absmiddle"
line 160 column 11 - Warning: <img> lacks "alt" attribute
line 161 column 22 - Warning: <img> lacks "alt" attribute
line 161 column 63 - Warning: <img> lacks "alt" attribute
line 161 column 112 - Warning: <img> lacks "alt" attribute
line 161 column 161 - Warning: <img> lacks "alt" attribute
line 162 column 11 - Warning: <img> lacks "alt" attribute
line 172 column 15 - Warning: <img> lacks "alt" attribute
line 183 column 811 - Warning: <img> lacks "alt" attribute
line 190 column 11 - Warning: <img> lacks "alt" attribute
line 191 column 22 - Warning: <img> lacks "alt" attribute
line 191 column 63 - Warning: <img> lacks "alt" attribute
line 191 column 112 - Warning: <img> lacks "alt" attribute
line 191 column 162 - Warning: <img> lacks "alt" attribute
line 192 column 11 - Warning: <img> lacks "alt" attribute
line 202 column 15 - Warning: <img> lacks "alt" attribute
line 219 column 23 - Warning: <img> lacks "alt" attribute
line 219 column 64 - Warning: <img> lacks "alt" attribute
line 219 column 113 - Warning: <img> lacks "alt" attribute
line 219 column 163 - Warning: <img> lacks "alt" attribute
line 230 column 15 - Warning: <img> lacks "alt" attribute
line 255 column 43 - Warning: <img> proprietary attribute value "absmiddle"
line 255 column 140 - Warning: <img> proprietary attribute value "absmiddle"
line 255 column 244 - Warning: <img> proprietary attribute value "absmiddle"
line 264 column 25 - Warning: <img> lacks "alt" attribute
line 269 column 267 - Warning: <img> lacks "alt" attribute
line 149 column 50 - Warning: trimming empty <font>
line 246 column 4963 - Warning: trimming empty <label>
line 249 column 17 - Warning: trimming empty <tr>
line 252 column 50 - Warning: trimming empty <font>
line 125 column 68 - Warning: <nobr> is not approved by W3C
line 141 column 68 - Warning: <nobr> is not approved by W3C
line 177 column 27 - Warning: <nobr> is not approved by W3C
line 207 column 27 - Warning: <nobr> is not approved by W3C
line 235 column 27 - Warning: <nobr> is not approved by W3C
Info: Document content looks like HTML5
Info: No system identifier in emitted doctype
Tidy found 106 warnings and 0 errors!

The alt attribute should be used to give a short description
of an image; longer descriptions should be given with the
longdesc attribute which takes a URL linked to the description.
These measures are needed for people using non-graphical browsers.

For further advice on how to make your pages accessible
see http://www.w3.org/WAI/GL.
You are recommended to use CSS to specify the font and
properties such as its size and color. This will reduce
the size of HTML files and make them easier to maintain
compared with using <FONT> elements.

You are recommended to use CSS to control line wrapping.
Use "white-space: nowrap" to inhibit wrapping in place
of inserting <NOBR>...</NOBR> into the markup.

About HTML Tidy: https://github.com/htacg/tidy-html5
Bug reports and comments: https://github.com/htacg/tidy-html5/issues
Official mailing list: https://lists.w3.org/Archives/Public/public-htacg/
Latest HTML specification: http://dev.w3.org/html5/spec-author-view/
Validate your HTML documents: http://validator.w3.org/nu/
Lobby your company to join the W3C: http://www.w3.org/Consortium

Do you speak a language other than English, or a different variant of
English? Consider helping us to localize HTML Tidy. For details please see
https://github.com/htacg/tidy-html5/blob/master/README/LOCALIZE.md