Serious OpenSSL bug renders websites wide open
itnews au | Apr 8, 2014 8:07 AM | Juha Saarinen
Posted on 04/08/2014 11:13:55 AM PDT by Utilizer
A serious vulnerability in the popular OpenSSL cryptographic library has been discovered that allows attackers to steal information unnoticed.
Known as the Heartbleed bug, the vulnerability allows anyone on the Internet to read the memory of systems that run vulnerable versions of OpenSSL, revealing the secret authentication and encryption keys to protect the traffic. User names, passwords and the actual content of the communications can also be read.
...
OpenSSL recommends that users immediately upgrade to version 1.0.1g. If that's not possible, users should recompile OpenSSL with the -DOPENSSL_NO_HEARTBEATS flag to remove the heartbeat handshake. The 1.0.2 version of OpenSSL will be fixed with beta 2.
Debian Wheezy, Ubuntu 12.04.4 LTS, Centos 6.5, Fedora 18, OpenBSD 5.3, FreeBSD 8.4, NetBSD 5.0.2 and OpenSUSE 12.2 are all listed as vulnerable...
(Excerpt) Read more at itnews.com.au ...
TOPICS: Business/Economy; Computers/Internet
KEYWORDS: bug; centos; debian; fedora; freebsd; heartbleedbug; linux; netbsdopensuse; openbsd; openssl; security; ssl; ubuntu
A bit more info at the site (and lots more ads) (use Ghostery), but the relevant info is posted here.
1 posted on 04/08/2014 11:13:55 AM PDT by Utilizer
To: ShadowAce
You might be interested in this, mate.
2 posted on 04/08/2014 11:15:13 AM PDT by Utilizer
(Bacon A'kbar! - In world today are only peaceful people, and the mooslimbs trying to kill them-)
To: ShadowAce; Ernest_at_the_Beach; martin_fierro
Whoopsie. Thanks Utilizer.
3 posted on 04/08/2014 11:28:31 AM PDT by SunkenCiv
(https://secure.freerepublic.com/donate/)
To: Utilizer
Very interesting!!
Thanks for posting this.
4 posted on 04/08/2014 11:29:08 AM PDT by Zathras
To: Utilizer
I wondered when this would hit FR ?
To: Utilizer
“Debian Wheezy, Ubuntu 12.04.4 LTS, Centos 6.5, Fedora 18, OpenBSD 5.3, FreeBSD 8.4, NetBSD 5.0.2 and OpenSUSE 12.2 are all listed as vulnerable...”
It’s those pesky windows machines again....
Wait! What?
6 posted on 04/08/2014 11:41:07 AM PDT by ImaGraftedBranch
(...By reading this, you've collapsed my wave function. Thanks.)
To: Utilizer; rdb3; Calvinist_Dark_Lord; JosephW; Only1choice____Freedom; amigatec; Still Thinking; ...
7 posted on 04/08/2014 11:43:04 AM PDT by ShadowAce
(Linux -- The Ultimate Windows Service Pack)
To: Utilizer
UGH! This SUCKS! I’ve got to recompile my SSL CAs due to this. I doubt it’s a big problem, but it’s a PITA.
FWIW, many large businesses use OpenSSL for certificate services. It’s inherently more secure than Windows ADCS, but it’s a bear to manage. You’d be surprised how ubiquitous this software truly is.
8 posted on 04/08/2014 11:44:35 AM PDT by rarestia
(It's time to water the Tree of Liberty.)
To: Utilizer
9 posted on 04/08/2014 11:51:29 AM PDT by rarestia
(It's time to water the Tree of Liberty.)
To: SunkenCiv
Welcome, mate. We need to look out for one another after all.
10 posted on 04/08/2014 11:55:19 AM PDT by Utilizer
(Bacon A'kbar! - In world today are only peaceful people, and the mooslimbs trying to kill them-)
To: Zathras
No worries. Hope it helps many.
11 posted on 04/08/2014 11:56:27 AM PDT by Utilizer
(Bacon A'kbar! - In world today are only peaceful people, and the mooslimbs trying to kill them-)
To: George from New England
I wondered when this would hit FR ?
Give us a break, mate. Only posted about nineteen hours ago, and not all of us have net access 24/7. :)
12 posted on 04/08/2014 11:58:50 AM PDT by Utilizer
(Bacon A'kbar! - In world today are only peaceful people, and the mooslimbs trying to kill them-)
To: ImaGraftedBranch
This affects any machines that run these vulnerable versions of OpenSSL, including 'doze machines and maccompukers as well I would imagine. Note however that as usual it is the 'nix crowd that discovered this bug and patched it, with not a whimper from the MS pukes or macophiles. Macmachines run OS-X, I think, which is unix-based so they should really take a closer look at this.
I understand some gaming consoles also use some version of OpenSSL for online games and logins, but then again they along with the macs are primarily graphics boxen and obviously have little need for REAL computing and security.
13 posted on 04/08/2014 12:05:49 PM PDT by Utilizer
(Bacon A'kbar! - In world today are only peaceful people, and the mooslimbs trying to kill them-)
To: rarestia
True. It may not affect every machine out there, but for those of us with a need for good security, especially businesses of any size, this is a bug worth paying attention to.
14 posted on 04/08/2014 12:08:16 PM PDT by Utilizer
(Bacon A'kbar! - In world today are only peaceful people, and the mooslimbs trying to kill them-)
To: Utilizer
Fedora 20 here:
OpenSSH_6.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013
Looks OK.
15 posted on 04/08/2014 12:08:22 PM PDT by zeugma
(Don't cry because it's over, smile because it happened - Dr. Seuss (I'll see you again someday Hope))
To: zeugma
Reply to self... e comes before g, stoopid.
16 posted on 04/08/2014 12:11:05 PM PDT by zeugma
(Don't cry because it's over, smile because it happened - Dr. Seuss (I'll see you again someday Hope))
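The version comparison corrected in the two posts above (1.0.1e sorts before the fixed 1.0.1g), as an added example that is not part of the thread or the article. The function name and status strings are hypothetical; the affected range (upstream 1.0.1 through 1.0.1f, plus 1.0.2-beta1) comes from the OpenSSL advisory rather than the excerpt, and a distribution package may backport the fix without changing the letter, so a "vulnerable" result means "check the package changelog".

```python
import re

# Added example. Upstream OpenSSL 1.0.1 through 1.0.1f and 1.0.2-beta1 are
# affected by Heartbleed; 1.0.1g and 1.0.2-beta2 carry the fix. Branches
# without the heartbeat extension (0.9.8, 1.0.0) are not affected.
_BANNER = re.compile(
    r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)((?:-[A-Za-z0-9]+)*)"
)


def heartbleed_status(banner, build_flags=""):
    """Classify an `openssl version` or `ssh -V` banner by upstream version.

    build_flags is the compiler line from `openssl version -a`, if known.
    Returns 'vulnerable', 'fixed', 'heartbeats-disabled', 'not-affected'
    or 'unknown'.
    """
    m = _BANNER.search(banner)
    if not m:
        return "unknown"
    version = tuple(int(m.group(i)) for i in (1, 2, 3))
    letter, tags = m.group(4), m.group(5)

    if version not in ((1, 0, 1), (1, 0, 2)):
        return "not-affected"
    if "-DOPENSSL_NO_HEARTBEATS" in build_flags:
        # The recompile workaround named in the article.
        return "heartbeats-disabled"
    if version == (1, 0, 1):
        # Patch letters sort alphabetically; an empty letter is plain 1.0.1.
        return "vulnerable" if letter < "g" else "fixed"
    # 1.0.2 branch: only the first beta shipped the bug.
    return "vulnerable" if "-beta1" in tags.lower() else "fixed"


if __name__ == "__main__":
    # First banner is the one quoted in the thread; the rest are constructed.
    for line in (
        "OpenSSH_6.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013",
        "OpenSSL 1.0.1g 7 Apr 2014",
        "OpenSSL 1.0.2-beta1 24 Feb 2014",
        "OpenSSL 0.9.8y 5 Feb 2013",
    ):
        print(f"{heartbleed_status(line):13s} {line}")
```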
To: zeugma
*snicker* Thanks for the laugh, mate! *grin*
17 posted on 04/08/2014 12:20:59 PM PDT by Utilizer
(Bacon A'kbar! - In world today are only peaceful people, and the mooslimbs trying to kill them-)
To: Utilizer
Probably hackers have discovered a purposed NSA backdoor.
18 posted on 04/08/2014 12:42:22 PM PDT by Lazamataz
(Early 2009 to 7/21/2013 - RIP my little girl Cathy. You were the best cat ever. You will be missed.)
To: Utilizer
If you use OpenSSL to encrypt your data, you’re vulnerable. Period. I have 20 VMs in my home environment alone that I have to patch. Revoking and reassigning certificates is a nightmare. I think the worst part is not knowing: not knowing if any of my data was ever leaked. That’s what hurts the most.
19 posted on 04/08/2014 3:48:58 PM PDT by rarestia
(It's time to water the Tree of Liberty.)
To: Utilizer
*snicker* Thanks for the laugh, mate! *grin*
I'm just glad that I noticed my stupidity rather than some wag here. Hard to live that kind of thing down. :-)
20 posted on 04/08/2014 5:03:35 PM PDT by zeugma
(Don't cry because it's over, smile because it happened - Dr. Seuss (I'll see you again someday Hope))