Free Republic
General/Chat

Heartbleed bug creates confusion on internet
bbc.com ^ | 10 April 2014 | Mark Ward

Posted on 04/10/2014 2:48:27 PM PDT by Berlin_Freeper

Computers vulnerable to the Heartbleed bug are actively being targeted online, say security experts.

However, it is not yet clear whether the scanning efforts are benign or are the work of cyber-thieves keen to steal data, they say.

The news comes as some security professionals and developers advised people to change all their passwords.

(Excerpt) Read more at bbc.com ...


TOPICS: Computers/Internet

1 posted on 04/10/2014 2:48:27 PM PDT by Berlin_Freeper

To: Berlin_Freeper
The Heartbleed Bug
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

Am I affected by the bug?
You are likely to be affected either directly or indirectly. OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. Your popular social site, your company's site, commerce site, hobby site, site you install software from or even sites run by your government might be using vulnerable OpenSSL. Many online services use TLS both to identify themselves to you and to protect your privacy and transactions. You might have networked appliances with logins secured by this buggy implementation of TLS. Furthermore, you might have client-side software on your computer that could expose the data from your computer if you connect to compromised services.

2 posted on 04/10/2014 2:51:14 PM PDT by Berlin_Freeper

To: Berlin_Freeper

check out your bank etc here to see if it can be hacked http://lastpass.com/heartbleed/


3 posted on 04/10/2014 3:02:15 PM PDT by Chode (Stand UP and Be Counted, or line up and be numbered - *DTOM* -vvv- NO Pity for the LAZY - 86-44)

To: Berlin_Freeper

The Chrome store has an extension (chromebleed) which can tell if a site is vulnerable, and there are lists now.


4 posted on 04/10/2014 3:03:40 PM PDT by ansel12 ((Libertarianism offers the transitory concepts and dialogue to move from conservatism, to liberalism)

To: Berlin_Freeper

Bookmarked...


5 posted on 04/10/2014 3:03:53 PM PDT by babygene ( .)

To: Berlin_Freeper

Bookmark.


6 posted on 04/10/2014 3:09:41 PM PDT by The Cajun (tea party!!!, Sarah Palin, Mark Levin, Ted Cruz, Mike Lee, Louie Gohmert......Nuff said.)

To: 2nd amendment mama

Ping!


7 posted on 04/10/2014 3:11:05 PM PDT by basil (2ASisters.org)

To: Berlin_Freeper
Here's the change/no change list, so far.
8 posted on 04/10/2014 3:16:01 PM PDT by carriage_hill (Peace is that brief glorious moment in history, when everybody stands around reloading.)

To: Berlin_Freeper

I do hope our host will add to this thread. Not a good thing to hear with an ongoing freepathon fundraiser in progress.


9 posted on 04/10/2014 8:23:00 PM PDT by theneanderthal

To: Berlin_Freeper; rdb3; Calvinist_Dark_Lord; JosephW; Only1choice____Freedom; amigatec; ...

10 posted on 04/11/2014 5:20:26 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)

To: ShadowAce

This is a great graphic. I wish I could’ve simplified this much with my management team. They just gave the order to “fix it.”


11 posted on 04/11/2014 5:31:36 AM PDT by rarestia (It's time to water the Tree of Liberty.)

To: Berlin_Freeper

Bump for later.


12 posted on 04/11/2014 5:43:18 AM PDT by LuvFreeRepublic

To: ShadowAce

Thanks.


13 posted on 04/11/2014 5:45:48 AM PDT by expat1000

To: Berlin_Freeper

Oh, great. Facebook is vulnerable.


14 posted on 04/11/2014 6:18:47 AM PDT by martin_fierro (< |:)~)

To: rarestia
This is a great graphic. I wish I could’ve simplified this much with my management team. They just gave the order to “fix it.”

I guess I'm a dunce on this -- I don't understand the graphic at all.

15 posted on 04/11/2014 7:19:15 AM PDT by CedarDave (CNN: The "Crisis News Channel" - all Flight 370 hysteria and global warming blather, all the time.)

To: carriage_hill

http://money.cnn.com/2014/04/10/technology/security/heartbleed-passwords/index.html?hpt=hp_t3

From the above link:

Websites are racing to patch the Heartbleed bug, the worst security hole the Internet has ever seen.

As sites fix the bug on their end, it’s time for you to change your passwords. The Heartbleed bug allowed information leaks from a key safety feature that is supposed to keep your online communication private — email, banking, shopping, and passwords.

Don’t change all your passwords yet, though. If a company hasn’t yet updated its site, you still can’t connect safely. A new password would be compromised too.


16 posted on 04/11/2014 7:45:53 AM PDT by GOPJ (When fascism comes it will come..with promises of a better world.The jackboots come later..-Shapiro)

To: GOPJ

Thanks. I took care of my YT, Google, GMail and Yahoo, on the “now” list; the others on that one list I don’t bother with. For the “don’t bother” list, I’ll probably change those too, this weekend, just to be sure.


17 posted on 04/11/2014 7:54:19 AM PDT by carriage_hill (Peace is that brief glorious moment in history, when everybody stands around reloading.)

To: CedarDave

A program makes a query over an SSL link. That query is answered securely by the server on the other side. On a properly-configured SSL tunnel, the responder would answer the query explicitly.

With heartbleed, a query could be issued and request the response to be a certain length. The response could be longer than the explicit data point in, say, a database, and the data that would be gained would be data the requester is not privy to.

In this case, a private key could be decoded by constantly requesting secure traffic respond with more information than what is found in the public key. Since the only data outside of the public key is the private key or a symmetric hash, they could eventually decode the entire private key, thus making a man-in-the-middle attack easy to pull off. The attack poses as a secure server, steals the data it wants, and the customer is none the wiser.


18 posted on 04/11/2014 9:14:39 AM PDT by rarestia (It's time to water the Tree of Liberty.)
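
The length mismatch described in the post above, as an added example that is not part of the original thread and is not OpenSSL's code: a TLS heartbeat request (RFC 6520) carries a one-byte type, a two-byte claimed payload length, the payload and at least 16 bytes of padding, and the receiver must discard it when the claimed length does not fit in the record actually received. The `MEM` buffer, its constructed secret string and the function name `hb_echo` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST 1
#define HB_HDR     3    /* type (1 byte) + payload_length (2 bytes) */
#define HB_PADDING 16   /* minimum padding, RFC 6520 */

/* Constructed stand-in for process memory: a 7-byte heartbeat record
 * (claims 40 payload bytes, carries 4) followed by unrelated data. */
static const uint8_t MEM[] =
    "\x01\x00\x28" "bird" "|CONSTRUCTED-SECRET: not meant for the peer|";

/* Build the echoed payload for the record at mem[0..rec_len).
 * check = 0: trust the claimed length (the flawed behaviour).
 * check = 1: discard records whose claimed length does not fit.
 * Returns the number of bytes written to out (0 = discarded). */
size_t hb_echo(const uint8_t *mem, size_t mem_len, size_t rec_len,
               int check, uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HDR || rec_len > mem_len || mem[0] != HB_REQUEST)
        return 0;
    size_t claimed = ((size_t)mem[1] << 8) | mem[2];

    if (check && HB_HDR + claimed + HB_PADDING > rec_len)
        return 0;                       /* silently discard, per RFC 6520 */

    /* Simulation guard only: keeps the over-read inside mem so the
     * demo stays defined behaviour. */
    if (claimed > mem_len - HB_HDR) claimed = mem_len - HB_HDR;
    if (claimed > out_cap) return 0;
    memcpy(out, mem + HB_HDR, claimed); /* copies past rec_len if unchecked */
    return claimed;
}

int main(void)
{
    uint8_t out[64];
    size_t leaked  = hb_echo(MEM, sizeof MEM, 7, 0, out, sizeof out);
    size_t guarded = hb_echo(MEM, sizeof MEM, 7, 1, out, sizeof out);
    printf("unchecked echoed %zu bytes, checked echoed %zu\n", leaked, guarded);
    return 0;
}
```

Without the check, the reply contains the four real payload bytes plus whatever followed the record in memory; with it, the malformed request gets no reply at all.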

To: rarestia

I do hope our host will add to this thread. Not a good thing to hear with an ongoing freepathon fundraiser in progress.


19 posted on 04/19/2014 9:55:54 PM PDT by theneanderthal
