Passwords Vulnerable After Security Flaw Found 

  #1  
Old 04-09-2014, 03:48 AM
gatagato
Passwords Vulnerable After Security Flaw Found

Passwords, credit cards and other sensitive data are at risk after security researchers discovered a problem with an encryption technology used to securely transmit email, e-commerce transactions, social networking posts and other Web traffic.

Quote:
Security researchers say the threat, known as Heartbleed, is serious, partly because it remained undiscovered for more than two years. Attackers can exploit the vulnerability without leaving any trace, so anything sent during that time has potentially been compromised. It’s not known, though, whether anyone has actually used it to conduct an attack.

Researchers are advising people to change all of their passwords.

The flaw was discovered independently in recent days by researchers at Google Inc. and the Finnish security firm Codenomicon.

The breach involves SSL/TLS, an encryption technology marked by the small, closed padlock and “https:” on Web browsers to signify that traffic is secure. With the Heartbleed flaw, traffic was subject to snooping even if the padlock had been closed.

The problem affects only the variant of SSL/TLS known as OpenSSL, but that happens to be one of the most common on the Internet.

Researchers at Codenomicon say that OpenSSL is used by two of the most widely used Web server software, Apache and nginx. That means many websites potentially have this security flaw. OpenSSL is also used to secure email, chats and virtual private networks, which are used by employees to connect securely with corporate networks.

Despite the worries, Codenomicon said many large consumer sites don’t have the problem because of their “conservative choice” of equipment and software. “Ironically smaller and more progressive services or those who have upgraded to (the) latest and best encryption will be affected most,” the security firm added.

A fix came out Monday, but affected websites and service providers must install the update.

Yahoo's Tumblr blogging service uses OpenSSL. In a blog post Tuesday, officials at the service said they had no evidence of any breach and had immediately implemented the fix.

“But this still means that the little lock icon (HTTPS) we all trusted to keep our passwords, personal emails, and credit cards safe, was actually making all that private information accessible to anyone who knew about the exploit,” Tumblr’s blog post read. “This might be a good day to call in sick and take some time to change your passwords everywhere — especially your high-security services like email, file storage, and banking, which may have been compromised by this bug.”

Yahoo Inc. said its other services, including email, Flickr and search, also have the vulnerability. The company said some of the systems have already been fixed, while work is being done on the rest of Yahoo’s websites.

The company reiterated its standard recommendation for people to change passwords regularly and to add a backup mobile number to the account. That number can be used to verify a user’s identity if there are problems accessing the account because of hacking.

http://www.washingtonpost.com/nation...3f0_story.html

https://www.openssl.org/news/secadv_20140407.txt
http://heartbleed.com/

  #2  
Old 04-09-2014, 03:53 AM
gatagato
Re: Passwords Vulnerable After Security Flaw Found

References
•CVE-2014-0160
•NCSC-FI case# 788210
http://www.openssl.org/news/secadv_20140407.txt (published 7th of April 2014, ~17:30 UTC)
http://blog.cloudflare.com/staying-a...ulnerabilities (published 7th of April 2014, ~18:00 UTC)
http://heartbleed.com (published 7th of April 2014, ~19:00 UTC)
http://www.ubuntu.com/usn/usn-2165-1/
http://www.freshports.org/security/openssl/
https://blog.torproject.org/blog/ope...-cve-2014-0160
https://rhn.redhat.com/errata/RHSA-2014-0376.html
http://lists.centos.org/pipermail/ce...il/020249.html
https://lists.fedoraproject.org/pipe...il/003205.html
http://www.kb.cert.org/vuls/id/720951
https://www.cert.fi/en/reports/2014/...ity788210.html
https://www.cert.at/warnings/all/20140408.html
http://www.circl.lu/pub/tr-21/

  #3  
Old 04-09-2014, 08:42 PM
Shakey
Re: Passwords Vulnerable After Security Flaw Found


  #4  
Old 04-10-2014, 01:06 AM
Clubhouse
Re: Passwords Vulnerable After Security Flaw Found

You can check any site's SSL configuration here....

https://www.ssllabs.com/ssltest/analyze


They've fixed the bug with OpenSSL 1.0.1g.


DR is safe lolz

  #5  
Old 04-10-2014, 03:59 AM
DannyDrama
Re: Passwords Vulnerable After Security Flaw Found

Damn it.

  #6  
Old 04-10-2014, 11:05 PM
TwistedSisterr
Re: Passwords Vulnerable After Security Flaw Found


idk wtf im doin

  #7  
Old 04-11-2014, 01:50 AM
DannyDrama
Re: Passwords Vulnerable After Security Flaw Found

Quote:
Originally Posted by TwistedSisterr

idk wtf im doin

Check all the websites you use, but don't bother changing the password yet. We're all already shagged so we'd only broadcast our new password if we do that. Just wait for them to be patched.

How to check a website:

http://filippo.io/Heartbleed/

https://www.ssllabs.com/ssltest/

  #8  
Old 04-11-2014, 05:34 PM
Kelseecat65
Re: Passwords Vulnerable After Security Flaw Found


  #9  
Old 04-11-2014, 07:41 PM
TwistedSisterr
Re: Passwords Vulnerable After Security Flaw Found

Quote:
Originally Posted by DannyDrama
Check all the websites you use, but don't bother changing the password yet. We're all already shagged so we'd only broadcast our new password if we do that. Just wait for them to be patched.

How to check a website:

http://filippo.io/Heartbleed/

https://www.ssllabs.com/ssltest/

thank you!!!
