Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsIT Pro and developersHella scary OpenSSL Vulnerability
ubergeeknz

3344 posts

Uber Geek

Trusted
Vocus

#143260 8-Apr-2014 14:09
Send private message

"We attacked ourselves from outside, without leaving a trace," they wrote. "Without using any privileged information or credentials we were able steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication."

Think about this - silent theft of private keys.  The implications on being able to trust SSL certs are huge even after this vuln is patched.

Links: http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/

http://threatpost.com/openssl-fixes-tls-vulnerability/105300

http://www.openssl.org/news/vulnerabilities.html#2014-0160

Create new topic
muppet
2568 posts

Uber Geek

Trusted

  #1020653 8-Apr-2014 14:24
Send private message

Yes, I've spent the morning patching my Debian systems and generating new certificates.
Good ol' Crypto.



Lias
5589 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1020664 8-Apr-2014 14:31
Send private message

If you assume that at least one malicious state actor (Russia, USA, China) has has access to this for some time, it becomes utterly terrifying.




I'm a geek, a gamer, a dad, a Quic user, and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it. If you use my Quic signup you can also use the code R570394EKGIZ8 for free setup.

hio77
12999 posts

Uber Geek

ID Verified
Trusted
Lizard Networks

  #1020710 8-Apr-2014 14:58
Send private message

not the best news... yay for spending the day updating and checking machines!




#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 

 



Noodles
487 posts

Ultimate Geek


  #1020742 8-Apr-2014 15:54
Send private message

Cool tool to check whether servers are vulnerable: http://filippo.io/Heartbleed/

ubergeeknz

3344 posts

Uber Geek

Trusted
Vocus

  #1020747 8-Apr-2014 15:59
Send private message

Noodles: Cool tool to check whether servers are vulnerable: http://filippo.io/Heartbleed/


Seems to be slammed though

hio77
12999 posts

Uber Geek

ID Verified
Trusted
Lizard Networks

  #1020751 8-Apr-2014 16:06
Send private message

Noodles: Cool tool to check whether servers are vulnerable: http://filippo.io/Heartbleed/


handy tool, as assumed, all clear on my machines!




#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 

 

wasabi2k
2096 posts

Uber Geek


  #1020755 8-Apr-2014 16:16
Send private message

Only affects OpenSSL 1.01 -> 1.01f

Anyone running Netscalers - they are running 0.9.7b.

 
 
 
 

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.
rphenix
985 posts

Ultimate Geek

Lifetime subscriber

  #1020792 8-Apr-2014 17:13
Send private message

muppet: Yes, I've spent the morning patching my Debian systems and generating new certificates.
Good ol' Crypto.

+1 to that.  Spent most of this afternoon updating systems.

Lias
5589 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1021040 9-Apr-2014 09:49
Send private message

Ouch.. Just checked the websites of the various financial institutes I have accounts with.. 2 out of 6 are vulnerable. 




I'm a geek, a gamer, a dad, a Quic user, and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it. If you use my Quic signup you can also use the code R570394EKGIZ8 for free setup.

lchiu7
6470 posts

Uber Geek

Trusted

  #1021186 9-Apr-2014 13:33
Send private message

I'm guessing if Google found it then most of the Google servers are okay!




Staying in Wellington. Check out my AirBnB in the Wellington CBD.  https://www.airbnb.co.nz/h/wellycbd  PM me and mention GZ to get a 15% discount and no AirBnB charges.

nathan
5695 posts

Uber Geek
Inactive user


  #1022181 9-Apr-2014 13:59
Send private message

you can't just patch, you need to patch, revoke the certs and reissue them to be sure no one has your private keys

OUCH

freitasm
BDFL - Memuneh
79254 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #1022184 9-Apr-2014 14:06
Send private message

You can also use https://www.ssllabs.com/ssltest/ to test.




Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup

Lias
5589 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1022294 9-Apr-2014 17:23
Send private message

nathan: you can't just patch, you need to patch, revoke the certs and reissue them to be sure no one has your private keys

OUCH


And assume all your users need to change passwords just to be safe.




I'm a geek, a gamer, a dad, a Quic user, and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it. If you use my Quic signup you can also use the code R570394EKGIZ8 for free setup.

Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01

Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22

Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46

Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42

D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34

Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright