Vulnerability in OpenSSL 1.0.1 heartbeat

Generic discussions with the emphasis on technology
Post Reply
User avatar
gR!ns
Posts: 500
her blog
Joined: 10 Mar 2012, 09:28
Location: 2nd reality

Vulnerability in OpenSSL 1.0.1 heartbeat

Post by gR!ns »

"OpenSSL 1.0.1 contains a vulnerability that could disclose private information to an attacker." There is a patch for this at least in Ubuntu repo.

https://www.kb.cert.org/vuls/id/720951
gaoesa
Site Admin
Posts: 1520
Joined: 05 Apr 2010, 15:02
Location: Finland
Contact:

Re: Vulnerability in OpenSSL 1.0.1 heartbeat

Post by gaoesa »

He hoped and prayed that there wasn't an afterlife. Then he realized there was a contradiction involved here and merely hoped that there wasn't an afterlife.
- Douglas Adams

silEnT development
http://mygamingtalk.com/
gaoesa
Site Admin
Posts: 1520
Joined: 05 Apr 2010, 15:02
Location: Finland
Contact:

Re: Vulnerability in OpenSSL 1.0.1 heartbeat

Post by gaoesa »

Here is some more information of this exploit
http://heartbleed.com/

OpenSSL is used in over 90 percent of SSL implementations, so now quickly to exploit this to find out the secrets of everybody. Please don't go into hysteria though, other implementations may not have this specific bug but they have been found to have other exploits and also, those implementations probably haven't been audited to the same extent as OpenSSL.
He hoped and prayed that there wasn't an afterlife. Then he realized there was a contradiction involved here and merely hoped that there wasn't an afterlife.
- Douglas Adams

silEnT development
http://mygamingtalk.com/
Post Reply