Heartbleed: security flaw affects 2/3 of internet

 
Darqcyde



Posted: Wed Apr 09, 2014 3:31 pm

Your security may be compromised by "heartbleed."

For those who don't know, it is a security flaw affecting a large portion of the internet. There is an extension for Google Chrome, to see if a site is vulnerable.

More info:
http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/

The following site offers a test to see if a site you plan on going to is vulnerable. It is run by the Italian security firm that helped find the flaw: http://filippo.io/Heartbleed/
_________________
...if a single leaf holds the eye, it will be as if the remaining leaves were not there.
http://about.me/omardrake
Heretical Rants

Posted: Wed Apr 09, 2014 4:33 pm

basically, you should clear all of your sessions naow, and if you're a webmaster you should patch yer shit
_________________
butts
WheelsOfConfusion

Posted: Wed Apr 09, 2014 4:33 pm

Basically, all the affected websites need to patch their OpenSSL install. (Any end-user OS with OpenSSL packaged needs an update too, but end users aren't a likely target for the attack; the servers are. Ubuntu updated yesterday to fix this issue).

Then they'll need to change their certs.

After that, once they have the new cert in place, you'll need to change your password for the site.
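
The order described in the post above (server patch, then new certificate, then password change), as an added example that is not part of the original thread. The hostnames, serial numbers and dates are constructed, the certificate dicts follow the shape returned by Python's `ssl.SSLSocket.getpeercert()`, and treating "new serial number issued after the patch time" as proof of a replaced certificate is a conservative assumption of this sketch.

```python
import ssl

# Constructed sample data (not real sites). "old" is the certificate seen
# before the operator patched; "now" is the one currently served.
# "patched_at" is assumed to come from the operator's own announcement.
SITES = {
    "shop.example": {
        "patched_at": None,  # no fixed OpenSSL announced yet
        "old": {"serialNumber": "0A01", "notBefore": "Jan 10 00:00:00 2014 GMT"},
        "now": {"serialNumber": "0A01", "notBefore": "Jan 10 00:00:00 2014 GMT"},
    },
    "mail.example": {
        "patched_at": "Apr  8 18:00:00 2014 GMT",
        "old": {"serialNumber": "0B02", "notBefore": "Feb  1 00:00:00 2014 GMT"},
        "now": {"serialNumber": "0B02", "notBefore": "Feb  1 00:00:00 2014 GMT"},
    },
    "bank.example": {
        "patched_at": "Apr  8 09:00:00 2014 GMT",
        "old": {"serialNumber": "0C03", "notBefore": "Mar  1 00:00:00 2014 GMT"},
        "now": {"serialNumber": "0C9F", "notBefore": "Apr  9 00:00:00 2014 GMT"},
    },
}


def next_step(site):
    """Return what a user of this site should do, following the thread's order."""
    # Step 1: a new password sent to an unpatched server can leak again.
    if site["patched_at"] is None:
        return "wait: server not patched"
    patched = ssl.cert_time_to_seconds(site["patched_at"])
    issued = ssl.cert_time_to_seconds(site["now"]["notBefore"])
    # Step 2: require a different certificate whose validity starts after the
    # patch; anything else is treated as "not replaced" (conservative).
    same_cert = site["now"]["serialNumber"] == site["old"]["serialNumber"]
    if same_cert or issued < patched:
        return "wait: certificate not replaced since patch"
    # Step 3: only now is a password change worth doing.
    return "change password"


def plan(sites):
    """Map every hostname to its next step."""
    return {host: next_step(site) for host, site in sites.items()}


if __name__ == "__main__":
    for host, step in plan(SITES).items():
        print(f"{host}: {step}")
```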
Heretical Rants

Posted: Wed Apr 09, 2014 4:42 pm

my password is 'banana'
Darqcyde

Posted: Wed Apr 09, 2014 6:00 pm

Heretical Rants wrote:
my password is 'banana'

You BASTARD!
Heretical Rants

Posted: Wed Apr 09, 2014 6:27 pm

I don't quite understand the reference, even if you link to it, since I can't make it more than a few seconds into that video and have difficulty processing that song in any form other than "Drop it like your mother got shot" which, now that I search for it, has apparently fallen victim to a phenomenon known as `the-artist-has-taken-down-everything-they've-ever-made-like-seriously-their-bandcamp-tumblr-youtube-deviantart-etc-are-all-gone`
Darqcyde

Posted: Wed Apr 09, 2014 6:42 pm

Heretical Rants wrote:
I don't quite understand the reference, even if you link to it, since I can't make it more than a few seconds into that video and have difficulty processing that song in any form other than "Drop it like your mother got shot" which, now that I search for it, has apparently fallen victim to a phenomenon known as `the-artist-has-taken-down-everything-they've-ever-made-like-seriously-their-bandcamp-tumblr-youtube-deviantart-etc-are-all-gone`


How about this link: http://youtu.be/gZHjRQjbHrE?t=2m30s

If you don't get it, or why I referenced it, consider yourself lucky.
WheelsOfConfusion

Posted: Fri Apr 11, 2014 4:48 pm

It's looking like the "2/3rds of the Internet" thing is somewhat overblown, more like 10-11%. That's still huge, and hopefully every affected site will patch their shit, get new certs, and then tell users to reset their passwords.

Anyway, xkcd explains how the flaw actually works:

Moor

Posted: Sat Apr 12, 2014 1:29 am

WheelsOfConfusion wrote:
It's looking like the "2/3rds of the Internet" thing is somewhat overblown, more like 10-11%.


Okay, but if we were doing things right, it should have affected 100% of the internet (or, well, probably more like 70%, because there are other SSL implementations, and OpenSSL is just the most popular? But I'm not sure about 70% because I don't know the usage rates). Seriously. SSL key certification should come with domain name registration.
WheelsOfConfusion

Posted: Sat Apr 12, 2014 2:13 am

If we were really doing things right, a bug like this would have been caught before release.
Moor

Posted: Sat Apr 12, 2014 2:33 am

WheelsOfConfusion wrote:
If we were really doing things right, a bug like this would have been caught before release.

Yeah, but it's not as obvious* of a thing that everything should be SSL.


(* Obvious is kinda the wrong word. Basically, everyone knows that "there was a problem, and it should have been caught". But not everyone knows that the story is 10% of the internet had a vaccine that didn't work, but 85% didn't even have the vaccine. )
Sam

Posted: Sat Apr 12, 2014 5:54 am

i changed all my passwords to hunter3

who's owned now, heartbleed
All times are GMT