"Heartbleed" exploit

Started by Isaac Eiland-Hall, April 08, 2014, 10:47:00 PM

Isaac Eiland-Hall

I'm expecting news of this to spread far and wide.

First, here's some information:

http://arstechnica.com/security/2014/04/critical-crypto-bug-exposes-yahoo-mail-passwords-russian-roulette-style/

http://heartbleed.com/

http://blog.cloudflare.com/staying-ahead-of-openssl-vulnerabilities

The server was patched a few hours ago at this point. There is no way I'm aware of at this time to detect compromise. The good news is that the majority of servers on the internet were vulnerable, meaning any particular server may well not have been compromised. The bad news is that any protected information might have been compromised, and there is no way to tell.

IgorEliezer

I've been following this huge disaster that hit the Internet hard for hours.

Long story short: the exploit found in OpenSSL allowed passwords and personal details to be pulled out in bare plain text from millions of sites.

http://twitter.com/search?q=heartbleed
http://www.cnet.com/news/how-to-protect-yourself-from-the-heartbleed-bug/

For those who want to test if a site is still vulnerable: http://filippo.io/Heartbleed/

Isaac Eiland-Hall

Speaking of you, many many thanks to Igor for sending me a PM about this. I was out much of the day. I'd seen a brief article about this, but hadn't noticed the severity of it yet, so he enabled my securing the server faster - as soon as I saw his PM. Thank you, kind sir.

This is my official PanamaCityPC reply:

http://news.panamacitypc.com/2014/04/notice-about-bluebonnetserver-and-the-heartbleed-bug/

This is a brief message regarding the Heartbleed bug that is all over the news today.

In brief, I became aware of the seriousness of the bug/exploit a few hours ago and took immediate action to update OpenSSL on the server to the latest bugfix release, followed by a server reboot to ensure no un-updated binaries were running.

At this time, there is no way to tell if a particular server has been compromised; or rather, if data from a particular server has been accessed. The best solution I have seen involves securing the server (which is now done), and resetting all passwords on the server, which is a huge undertaking, and not practical to do for all applications running on the server.

I therefore highly recommend that if there is an application running under your account, such as a forum or WordPress or other software installation, you immediately recommend to all users that they change their account passwords.

This affects easily a half million servers on the internet; I personally tend to believe that the vast majority of those probably have not been accessed; but the seriousness of this incident prompts a "better safe than sorry" response.

If you require further information or assistance, please do not hesitate to email helpdesk@panamacitypc.com and we will assist you as soon as possible.

Sincerely,
-Isaac Eiland-Hall
PanamaCityPC.com – BlueBonnetServer.com
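The notice above describes the two remediation steps (update OpenSSL, then reboot so nothing keeps running against the old library). The script below is an added example, not something posted in this thread or used by PanamaCityPC, showing how a server admin can verify both steps on a Linux host: it classifies the upstream OpenSSL version string against the publicly documented affected range (1.0.1 through 1.0.1f, plus 1.0.2-beta1), and it scans /proc/*/maps for processes still mapping a libssl or libcrypto that was replaced on disk (the kernel tags such mappings "(deleted)"). The /proc sample it builds for self-testing is constructed; the function names are my own.

```shell
#!/bin/bash
# Added example: post-Heartbleed verification checks for a Linux server.
# Not code from the forum thread. Assumes bash, GNU/BSD awk and grep,
# and a Linux /proc filesystem for the live scan.

# Return 0 (affected) if an upstream OpenSSL version string is in the
# Heartbleed range: 1.0.1 .. 1.0.1f, or 1.0.2-beta1. 1.0.1g and later,
# 1.0.0 and 0.9.8 are not affected.
# Caveat: distributions backport fixes without changing the upstream
# version (Debian/Ubuntu shipped a fixed "1.0.1e"), so "affected" here
# means "check the package changelog", not proof of vulnerability.
heartbleed_version_affected() {
    case "$1" in
        1.0.1|1.0.1-*|1.0.1[abcdef]|1.0.1[abcdef]-*) return 0 ;;
        1.0.2-beta1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print "PID LIBRARY" for every process still mapping a libssl/libcrypto
# whose file on disk has been replaced (the kernel marks it "(deleted)").
# A reboot clears all of these; without one, each listed PID must be
# restarted. Scans /proc by default; a different root can be passed for testing.
stale_ssl_processes() {
    local proc_root="${1:-/proc}" maps pid
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        pid=${maps#"$proc_root"/}
        pid=${pid%/maps}
        grep -E 'lib(ssl|crypto)[^ ]* \(deleted\)' "$maps" 2>/dev/null \
            | awk -v pid="$pid" '{print pid, $6}' | sort -u
    done
}

# Build a constructed /proc lookalike: PID 4242 still maps a replaced
# libssl/libcrypto, PID 4300 maps the current one. Prints the directory.
make_sample_proc() {
    local root
    root=$(mktemp -d)
    mkdir -p "$root/4242" "$root/4300"
    cat > "$root/4242/maps" <<'EOF'
7f1e3c000000-7f1e3c1c2000 r-xp 00000000 08:01 393248 /lib/x86_64-linux-gnu/libc-2.13.so
7f1e3c400000-7f1e3c45e000 r-xp 00000000 08:01 393301 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f1e3c600000-7f1e3c7a0000 r-xp 00000000 08:01 393302 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)
EOF
    cat > "$root/4300/maps" <<'EOF'
7f0a11000000-7f0a1105e000 r-xp 00000000 08:01 401120 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0
EOF
    printf '%s\n' "$root"
}

# Live report for the host this runs on. Returns 1 if stale mappings remain.
report_heartbleed_status() {
    local ver stale
    ver=$(openssl version 2>/dev/null | awk '{print $2}')
    if [ -z "$ver" ]; then
        echo "openssl CLI not found; check the library your services link against with ldd"
        return 2
    fi
    if heartbleed_version_affected "$ver"; then
        echo "OpenSSL $ver: upstream version in the affected range; verify the distro changelog"
    else
        echo "OpenSSL $ver: outside the affected upstream range"
    fi
    stale=$(stale_ssl_processes)
    if [ -n "$stale" ]; then
        echo "processes still mapping a replaced libssl/libcrypto (restart them or reboot):"
        echo "$stale"
        return 1
    fi
    echo "no process maps a deleted libssl/libcrypto"
}

# Run the live checks only when asked, so the file can also be sourced.
case "${1:-}" in
    --live) report_heartbleed_status ;;
esac
```

Run it as `bash heartbleed_check.sh --live` on the patched server. Note that `openssl version` reports the CLI's library, which may not be the one a long-running daemon such as Apache or Postfix was loaded with; the stale-mapping scan covers that case, and a reboot, as done in the notice above, is the blanket remedy when the list is not empty.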

Ters

Well, whatever information they can get out is down to sheer luck and depends on the particular application. In my opinion, there have been worse vulnerabilities. The most shocking part is that what is perhaps the number one SSL implementation can let such things go unnoticed through to a release, but that's human nature I guess.

Since this forum doesn't require (I haven't checked if it even supports) HTTPS, the kind of things this exploit would give access to is out in the open anyway.


Ters

Quote from: IgorEliezer on April 09, 2014, 07:31:24 AM
Everything is not lost...

The mouse-over apparently is. And my memory of where that quote was from (a co-worker had to give me a copy of his memory of it).

dom700

Well, since the password here is not important and otherwise unused, I will not change it. If someone managed to pick up my password, congratulations ;)
I was only afraid that the SSL on my own systems might be compromised, but the version I am running is too old for the bug xD