Heartbleed: super huge Internet security exploit
Post Reply
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
09-04-2014, 12:41 PM
Heartbleed: super huge Internet security exploit
Heartbleed: the biggest Internet security exploit so far.

So, basically, back in 2011, the OpenSSL code was "fixed" and included a bug. The bug allows any unauthenticated user to be able to get 64k of memory, which often includes plaintext usernames and passwords, and other sensitive information.

So, once all of the banks, email servers, and other online sites that store user data get their OpenSSL patched, everyone will have to change their login info. Yay.
Find all posts by this user
Like Post Quote this message in a reply
[+] 2 users Like RobbyPants's post
09-04-2014, 01:04 PM
RE: Heartbleed: super huge Internet security exploit
(09-04-2014 12:41 PM)RobbyPants Wrote:  Heartbleed: the biggest Internet security exploit so far.

So, basically, back in 2011, the OpenSSL code was "fixed" and included a bug. The bug allows any unauthenticated user to be able to get 64k of memory, which often includes plaintext usernames and passwords, and other sensitive information.

So, once all of the banks, email servers, and other online sites that store user data get their OpenSSL patched, everyone will have to change their login info. Yay.

This is why I don't trust technology. I love technology, I embrace technology. I don't trust it.

I get lots of weird looks when I tell people I don't trust computers. "but you're an IT guy. You should trust the things you work with." Yeah... I'm and IT guy and that's WHY I don't trust them. Anyone who has spent any time with their head in computers and/or code can tell you how ungodly complex even the simplest systems are. So much so that to expect them to be bug free is asinine. There are far too many variables and points of weakness, and the more complex a system gets, the harder it is to track down and patch those weaknesses.

Excuse me, I'm making perfect sense. You're just not keeping up.

"Let me give you some advice, bastard: never forget what you are. The rest of the world will not. Wear it like armor, and it can never be used to hurt you." - Tyrion Lannister
Find all posts by this user
Like Post Quote this message in a reply
[+] 3 users Like itsnotmeitsyou's post
09-04-2014, 01:56 PM
RE: Heartbleed: super huge Internet security exploit
^^^
Ditto.

And it's why I don't use credit cards.

Also, I have heard doctors say the same about humans... way too complex to be certain about anything.

Meanwhile, I'm presenting today to ANZ's Risk teams. I'll mention Heartbleed. That should be amusing.

Big Grin

Find all posts by this user
Like Post Quote this message in a reply
[+] 2 users Like DLJ's post
09-04-2014, 06:55 PM
RE: Heartbleed: super huge Internet security exploit
UPDATE: Well at least one bank has already sorted it out.

So we discussed an announcement to that effect on their website and also warning their Call Centre that they might need official scripts/statements and more resources to cope with a higher than usual call volume when the news spreads more widely.

Find all posts by this user
Like Post Quote this message in a reply
[+] 1 user Likes DLJ's post
Post Reply
Forum Jump: