"Heartbleed" SSL vulnerability

Started by Prob Lem, April 10, 2014, 09:58:26 PM


Prob Lem

Just a quick heads-up in case this news has passed anyone by: There's been a vulnerability discovered in OpenSSL that makes it possible for eviltons and ne'er-do-wells to eavesdrop on connections that should be secure. There's a decent-enough summary of it on the BBC News website, here: http://www.bbc.co.uk/news/technology-26969629

Depending on the services you use, you may want to hold off on changing all passwords immediately, though - if you do so with services which have not yet both patched their OpenSSL installations *and* re-generated their security certificates, it's a pointless exercise, as there may be a potential risk of this information being exposed if attackers hit that service, and you'll just need to do it all over again when they do patch and update their certificates.

There is a tool (http://filippo.io/Heartbleed/) for checking whether servers are or were affected, and have or have not yet been fixed, and password-management services such as LastPass are providing updates on which passwords users do and don't need to deal with right now, from within their tools.

mobius

thanks for your continual effort of pointing these things out :thumbsup:

I heard about this. It might explain my plague of viruses last year... :-\
everything by me: https://www.lemmingsforums.net/index.php?topic=5982.msg96035#msg96035

"Not knowing how near the truth is, we seek it far away."
-Hakuin Ekaku

"I have seen a heap of trouble in my life, and most of it has never come to pass" - Mark Twain


Prob Lem

Heh, no problem. :D I think it's important to post a heads-up, even when it's fairly likely everyone else already knows, just in case someone doesn't!

As far as viruses go, I'd say that that's unlikely to be related to this - this one is (generally, unless you're for some reason running an SSL service on your home box) on the server-side, so eviltons are much more likely to be targeting companies holding information that's of (or potentially of) financial value to them.