GoFuckYourself.com - Adult Webmaster Forum - View Single Post - Heartbleed openssl bug (private keys at risk)

adultmobile · 04-08-2014, 06:47 PM

Heartbleed openssl bug (private keys at risk)

http://heartbleed.com/
http://arstechnica.com/security/2014...eavesdropping/
http://threatpost.com/seriousness-of...sets-in/105309

OpenSSL is default for apache and nginc, 66% of web sites.

"A missing bounds check allows an attacker to read up to 64 KB of memory on a machine protected by OpenSSL."

"Leaked secret keys allows the attacker to decrypt any past and future traffic to the protected services and to impersonate the service at will. Recovery from this leak requires patching the vulnerability, revocation of the compromised keys and reissuing and redistributing new keys. Even doing all this will still leave any traffic intercepted by the attacker in the past still vulnerable to decryption."

Test your server:

http://filippo.io/Heartbleed/

04-08-2014, 06:47 PM
adultmobile No, I am not banned Industry Role: Join Date: Nov 2003 Location: ChatGF.com Posts: 5,345	Heartbleed openssl bug (private keys at risk) Heartbleed openssl bug (private keys at risk) http://heartbleed.com/ http://arstechnica.com/security/2014...eavesdropping/ http://threatpost.com/seriousness-of...sets-in/105309 OpenSSL is default for apache and nginc, 66% of web sites. "A missing bounds check allows an attacker to read up to 64 KB of memory on a machine protected by OpenSSL." "Leaked secret keys allows the attacker to decrypt any past and future traffic to the protected services and to impersonate the service at will. Recovery from this leak requires patching the vulnerability, revocation of the compromised keys and reissuing and redistributing new keys. Even doing all this will still leave any traffic intercepted by the attacker in the past still vulnerable to decryption." Test your server: http://filippo.io/Heartbleed/ __________________ TubeCamGirl.com Last edited by adultmobile; 04-08-2014 at 06:52 PM..