Jump to content




Photo

Heartbleed (Massive internet security breach)


  • Please log in to reply
12 replies to this topic

#1 Icker

Icker

    Hall Of Fame

  • 8,924 posts
  • Joined: Jul 28, 2008
  • Location:california

Posted April 08, 2014 - 10:57 AM

Is this stuff real? Can I get a confirmation?

http://techcrunch.co...f-the-internet/

#2 Air Apparent

Air Apparent

    "Never underestimate the heart of a CHAMPION!"

  • 8,501 posts
  • Joined: Feb 09, 2009

Posted April 08, 2014 - 11:07 AM

tumblr's staff posted it as well on their blog, assuming it's legit


Edited by Clutch, April 08, 2014 - 11:07 AM.

bw1wOGf.png


#3 LakersFanatic

LakersFanatic

    Rookie

  • 911 posts
  • Joined: Jul 10, 2012
  • Fan Since:2000
  • Fav. Laker:Kobe

Posted April 08, 2014 - 11:09 AM

It is real. However, most web servers (close to 80%) are Linux based, and a fix has already been found. People running servers will need to apply the patch though, and to do that they need to be put aware of the situation. I actually work with this kind of thing. We tested this glitch in the office with our own servers, it's real.

#4 Icker

Icker

    Hall Of Fame

  • 8,924 posts
  • Joined: Jul 28, 2008
  • Location:california

Posted April 08, 2014 - 01:05 PM

So like... We forsure have to switch up our passwords??

#5 -Wade-

-Wade-

    知己知彼,百戰不殆

  • 5,862 posts
  • Joined: Jun 17, 2010
  • Location:◕‿◕
  • Name:Chao ❤
  • Fan Since:▄︻̷̿┻̿═━一
  • Fav. Laker:♛ Kobe Bryant

Posted April 08, 2014 - 01:51 PM

The vulnerability exists within a variety of applications that are using a certain range of openssl. This ranges from web servers to file servers, just about anything that can deploy ssl. This vulnerability, indeed, affects a large amount of websites that use ssl. It "bleeds" server memory to the attacker. Fun to try out on your own projects, dangerous to use against others.

 

 

So like... We forsure have to switch up our passwords??

 

Considering that the vulnerability has been present in a certain range of openssl versions for over 2 years, it would likely be in your best interest to change your passwords. Even if one was 99% sure your password wasn't compromised, it's that 1% that comes back to bite you. I don't know why any honest security professional would recommend against users changing their password, especially after a major vulnerability becomes known that affects so many applications.

 

Remember to make sure that your password is:

  • > 12 characters (I recommend 64 characters at a minimum)
  • Alphanumeric with at least one symbol
  • Not easily guessable
  • Not composed of dictionary words

And never setup security/recovery questions with accurate information. If someone can social engineer your mother's maiden name out of you and use it to recover your password, they will.


wKNsigp.png

"I'm always a firm believer in us being able to make our own decisions." --Kobe Bryant


#6 James Worthy

James Worthy

    Rookie

  • 820 posts
  • Joined: Jul 31, 2008
  • Fav. Laker:James Worthy

Posted April 09, 2014 - 03:44 AM

^^^^ 64 characters ????

#7 Windu

Windu

    Shatterpoint

  • 43,063 posts
  • Joined: Apr 24, 2009
  • Name:Will
  • Fan Since:1999
  • Fav. Laker:Kobe

Posted April 09, 2014 - 06:45 AM

So, do I need to change my passwords for everything online?


Pau Gasol is GONE


#8 -Wade-

-Wade-

    知己知彼,百戰不殆

  • 5,862 posts
  • Joined: Jun 17, 2010
  • Location:◕‿◕
  • Name:Chao ❤
  • Fan Since:▄︻̷̿┻̿═━一
  • Fav. Laker:♛ Kobe Bryant

Posted April 09, 2014 - 09:18 PM

So, do I need to change my passwords for everything online?

 

Please do. It is a must for system administrators, but I would recommend it even to users.

 

 

^^^^ 64 characters ????

 

Yes. Use a different 64 character password for each website. Use LastPass or KeePass to "remember" the passwords, autologin, etc. All of the passwords are encrypted and multi-factor authentication is supported.


wKNsigp.png

"I'm always a firm believer in us being able to make our own decisions." --Kobe Bryant


#9 Windu

Windu

    Shatterpoint

  • 43,063 posts
  • Joined: Apr 24, 2009
  • Name:Will
  • Fan Since:1999
  • Fav. Laker:Kobe

Posted April 12, 2014 - 07:21 AM

http://mashable.com/...d=146326&ctst=1

 

http://tif.mcafee.co...com&commit=Scan


Pau Gasol is GONE


#10 -Wade-

-Wade-

    知己知彼,百戰不殆

  • 5,862 posts
  • Joined: Jun 17, 2010
  • Location:◕‿◕
  • Name:Chao ❤
  • Fan Since:▄︻̷̿┻̿═━一
  • Fav. Laker:♛ Kobe Bryant

Posted April 12, 2014 - 02:51 PM

http://mashable.com/...d=146326&ctst=1

 

http://tif.mcafee.co...com&commit=Scan

 

EbewYxM.png


wKNsigp.png

"I'm always a firm believer in us being able to make our own decisions." --Kobe Bryant


#11 Icker

Icker

    Hall Of Fame

  • 8,924 posts
  • Joined: Jul 28, 2008
  • Location:california

Posted April 13, 2014 - 08:04 AM

Wade, you're fantastic. I'm on it.

#12    

   

  • 40,395 posts
  • Joined: Aug 26, 2010

Posted April 13, 2014 - 03:22 PM

^ Purple Ribbon.


yo.


#13 JEN

JEN

    Legend

  • 27,034 posts
  • Joined: Sep 20, 2008
  • Location:714

Posted April 17, 2014 - 09:12 AM

Canadian police arrest 19-year-old in alleged Heartbleed attack
 
Canadian police this week made what is believed to be the first arrest related to Heartbleed, a recently discovered bug that left countless websites vulnerable to cyber attacks.
 
The Royal Canadian Mounted Police on Tuesday arrested 19-year-old Stephen Arthuro Solis-Reyes of London, Ontario. He is believed to have exploited the Heartbleed bug to steal the data of about 900 Canadians from the country's tax revenue agency.
 
Solis-Reyes now faces two counts of computer-related crimes and is scheduled to appear in court this July.

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users