04-09-2014, 10:16 AM   #1
ssc456
Worldwide Security Flaw - Heartbleed Bug

So some "industry experts" are urging people to change every single internet password they have due to this security flaw . . .

BBC News - Heartbleed Bug: Public urged to reset all passwords

If I'm honest I've only briefly read it as it doesn't concern me too much. I think if the bug has existed for 2 years then why is changing my password now going to make such a big difference?

*Edit. ohhhhh perhaps this is why:
Quote:
"The level of knowledge now needed to exploit this vulnerability is substantially less than it was 36 hours ago," the company's associate director Ollie Whitehouse told the BBC.

"Someone with a moderate level of technical skills running their own scripts - the Raspberry Pi generation - would probably be able to launch attacks successfully and gain sensitive information
__________________
He who has never failed has never attempted anything worth succeeding at.

Don't Eat Animals, It's Not Good For Them And They Don't Like It!

04-09-2014, 10:23 AM   #2
jmacavali
Re: Worldwide Security Flaw - Heartbleed Bug

Quote:
Originally Posted by Super Important Official With Super Important Sounding Title Like "Lead Security Officer of Corporate Security Operations"
"Oh hey, by the way, for the last two years you've been vulnerable to a breach in security, but don't worry we've fixed it and can absolutely 100% guarantee there are positively, absolutely no more vulnerabilities nor will there ever, ever be any again. We promise, cross our hearts!"

Actually, it is kind of crazy that this has existed for two years. It's my opinion that if it's been around for that long and we are just now hearing about it, it's unlikely that too many bad guys have gotten a hold of this info. On the other hand, now that they know about it, they will be targeting it so if companies don't apply the patch immediately then we might see some issues arise from it. They should have issued the patch first, before they told everyone in the world about it.
__________________
Don't take life too seriously -- no one gets out alive. Plus, who wants to arrive to the hereafter in pristine condition wearing a suit and tie?
I want to slide in sideways, worn out, used up, hair a mess, clothes tattered, & screaming, "Whooo! What a ride!"

04-09-2014, 10:25 AM   #3
ssc456
Re: Worldwide Security Flaw - Heartbleed Bug

Quote:
Originally Posted by jmacavali View Post
I don't understand the need to publish this as world wide news?

Why not let the security companies know, and allow them to issue a patch first, and then release this statement:

I agree, it looks like they tried to in part but it seems a little foolish the way they went about it:

Quote:
The BBC understands that Google warned a select number of organisations about the issue before making it public, so they could update their equipment to a new version of OpenSSL released at the start of the week.

However, it appears that Yahoo was not included on this list and tech site Cnet has reported that some people were able to obtain usernames and passwords from the company before it was able to apply the fix.

04-10-2014, 03:27 AM   #4
BK_123
Re: Worldwide Security Flaw - Heartbleed Bug

OpenSSL Bug

04-10-2014, 12:22 PM   #5
jmacavali
Re: Worldwide Security Flaw - Heartbleed Bug

Just an FYI if you want to check some of the major sites affected:
The Heartbleed Hit List: The Passwords You Need to Change Right Now

04-11-2014, 08:48 AM   #6
BK_123
Re: Worldwide Security Flaw - Heartbleed Bug

Quote:
Originally Posted by jmacavali View Post
Just an FYI if you want to check some of the major sites affected:
The Heartbleed Hit List: The Passwords You Need to Change Right Now

Yep, already changed my Facebook password.

04-15-2014, 05:13 PM   #7
jakeny
Re: Worldwide Security Flaw - Heartbleed Bug

Do you guys think it's safe now for all sites? Or too early?

04-15-2014, 11:01 PM   #8
BK_123
Re: Worldwide Security Flaw - Heartbleed Bug

Quote:
Originally Posted by jakeny View Post
Do you guys think it's safe now for all sites? Or too early?

It's hard to say. Even though sites have applied the latest security patch and you haven't changed your password as advised you are still at risk.

04-16-2014, 08:44 PM   #9
root
Re: Worldwide Security Flaw - Heartbleed Bug

Likewise, if you changed your password on a site that was vulnerable BEFORE the bug was fixed, then you exposed both your old password AND your new password (not that great if you're using shared passwords!) (same passwords for multiple sites).

We're still changing SSL versions and applying for new certificates for a lot of the servers that we control (and are public facing); it's probably not safe to assume that all servers and services everywhere are safe now.

What is really pretty funny is the press releases from cert companies. If you've bought a cert from them, some are really helpful, saying this is what this issue is, this is how you should resolve it, and let us know if you need to generate new certificates, AND explaining the fastest way to get new certs... Another cert company released a bulletin that said it's not a problem with our certs, and if you use IIS it likely doesn't affect you (without actually saying what was affected), just a shrug of responsibility, reassurance it's not their fault and leaving you to it!
__________________
I didn’t fight my way to the top of the food chain to be a vegetarian…
I'm sick of people saying 'don't waste paper'. If trees wanted to live, they'd all carry guns.
"The inherent vice of capitalism is the unequal sharing of blessings; The inherent vice of socialism is the equal sharing of miseries."

04-17-2014, 01:58 AM   #10
setishock
Re: Worldwide Security Flaw - Heartbleed Bug

I was reading it's a server side thing and has to be taken care of on their side of the screen. Am I interpreting that correctly?