Go Back   Computer Forums > Welcome To Computer Forums .org > Social Lounge | Off Topic
Click Here to Login
Join Computer forums Today


Reply
 
Thread Tools Search this Thread Display Modes
 
Old 04-17-2014, 02:00 AM   #11
Golden Master
 
BK_123's Avatar
 
Join Date: Dec 2009
Location: Australia
Posts: 7,534
Default Re: Worlwide Security Flaw - Heartbleed Bug

Quote:
Originally Posted by setishock View Post
I was reading it's a server side thing and has to be taken care of on their side of the screen. Am I interpreting that correctly?
I've read that too, So I think you are correct..
__________________

BK_123 is offline   Reply With Quote
Old 04-20-2014, 05:43 PM   #12
Site Team
 
root's Avatar
 
Join Date: Mar 2004
Posts: 8,007
Default Re: Worlwide Security Flaw - Heartbleed Bug

Yes, there is a vulnerability in the heartbeat functionality of OpenSSL, (and only version 1.01 e, f ang g if I recall correctly.)

The vulnerability leaks the servers private key part of the certificate that is used to decrypt traffic, ergo, anyone can get the server key, and then decrypt private traffic in real time.

People who are affected therefore have to either upgrade (or downgrade) their version of OpenSSL, or they can recompile from source and not compile in the heartbeat functionality.

Since the keys are specific to the certificate (not the session) the certificate must be reissued with a new public/private key pair also, (there is not a lot of sense in continuing to use a certificate to encrypt when the decrypt key is widely known!)
__________________

__________________
I didn’t fight my way to the top of the food chain to be a vegetarian…
Im sick of people saying 'dont waste paper'. If trees wanted to live, they'd all carry guns.
"The inherent vice of capitalism is the unequal sharing of blessings; The inherent vice of socialism is the equal sharing of miseries."
root is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off



All times are GMT -5. The time now is 07:03 PM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0