Vulnerability in OpenSSL 1.0.1 heartbeat

Generic discussions with the emphasis on technology

Vulnerability in OpenSSL 1.0.1 heartbeat

Postby gR!ns » 08 Apr 2014, 11:45

"OpenSSL 1.0.1 contains a vulnerability that could disclose private information to an attacker." There is a patch for this at least in Ubuntu repo.

https://www.kb.cert.org/vuls/id/720951
User avatar
gR!ns
 
Posts: 500
Joined: 10 Mar 2012, 09:28
Location: 2nd reality

Re: Vulnerability in OpenSSL 1.0.1 heartbeat

Postby gaoesa » 08 Apr 2014, 13:58

He hoped and prayed that there wasn't an afterlife. Then he realized there was a contradiction involved here and merely hoped that there wasn't an afterlife.
- Douglas Adams

silEnT development
http://mygamingtalk.com/
gaoesa
Site Admin
 
Posts: 1524
Joined: 05 Apr 2010, 15:02
Location: Finland

Re: Vulnerability in OpenSSL 1.0.1 heartbeat

Postby gaoesa » 08 Apr 2014, 16:29

Here is some more information of this exploit
http://heartbleed.com/

OpenSSL is used in over 90 percent of SSL implementations, so now quickly to exploit this to find out the secrets of everybody. Please don't go into hysteria though, other implementations may not have this specific bug but they have been found to have other exploits and also, those implementations probably haven't been audited to the same extent as OpenSSL.
He hoped and prayed that there wasn't an afterlife. Then he realized there was a contradiction involved here and merely hoped that there wasn't an afterlife.
- Douglas Adams

silEnT development
http://mygamingtalk.com/
gaoesa
Site Admin
 
Posts: 1524
Joined: 05 Apr 2010, 15:02
Location: Finland



Return to Technology




Users browsing this forum: No registered users and 2 guests

cron