« previous next »
Pages: [1] 2 3

Author Topic: bug in openSSL lets people hijack accounts and steal information en masse  (Read 1892 times)

lolz??

April 09, 2014, 10:54:13 AM
« Last Edit: April 09, 2014, 04:08:54 PM by lolz?? »

Ad Bot

Advertisement

ZombiLoin

April 09, 2014, 11:00:39 AM
late

Nal

April 09, 2014, 11:10:06 AM

0xBRIANSMITH

April 09, 2014, 11:15:46 AM
NASA and imgur got bled. I saw the leaks. It just looks like a network brown townysis of it (if you have ever seen one).

lolz??

April 09, 2014, 11:22:19 AM
Quote from: ZombiLoin on April 09, 2014, 11:00:39 AM
late
no stuff there isn't a topic about it
« Last Edit: April 09, 2014, 06:07:43 PM by lolz?? »

GhostOfBetaTapes

April 09, 2014, 11:31:41 AM
Okay. "hijack accounts" is a bit harsh. Heartbleed allows a call for a random packet of about 64 bits of data from the OpenSSL system within the server. However, it can be called again and again and again, and MAYBE a hacker could patch together some data that would allow them to access secure data. It's also just one version of OpenSSL (that unfortunately a lot of people used)

However, what's unfortunate is that this hole in security is obvious when you do a network brown townysis on the server.

Flatflyer

April 09, 2014, 11:33:39 AM
This happened to steam yesterday apparently.

Ipquarx

April 09, 2014, 11:39:50 AM
Quote from: GhostOfBetaTapes on April 09, 2014, 11:31:41 AM
Okay. "hijack accounts" is a bit harsh. Heartbleed allows a call for a random packet of about 64 bits of data from the OpenSSL system within the server.
64,000 bytes of data*

Port

April 09, 2014, 11:42:49 AM
-snip-
« Last Edit: April 09, 2014, 12:22:29 PM by Port »

Lugnut

April 09, 2014, 02:01:28 PM
Quote from: GhostOfBetaTapes on April 09, 2014, 11:31:41 AM
Okay. "hijack accounts" is a bit harsh. Heartbleed allows a call for a random packet of about 64 bits of data from the OpenSSL system within the server. However, it can be called again and again and again, and MAYBE a hacker could patch together some data that would allow them to access secure data. It's also just one version of OpenSSL (that unfortunately a lot of people used)

However, what's unfortunate is that this hole in security is obvious when you do a network brown townysis on the server.
not even harsh at all, they can compromise literally all the memory on the server 64kb of data at a time.
Quote from: Nal on April 09, 2014, 11:10:06 AM

it came out two loving days ago, theoretically allows for compromisation of private data from any vulnerable server, and is pretty super loving important, so forget off

http://heartbleed.com
« Last Edit: April 09, 2014, 02:04:30 PM by Lugnut »

Badger

April 09, 2014, 03:03:01 PM
Yea it was apparently on steam but they squashed it

@Ravencroft

April 09, 2014, 03:04:52 PM
Kill the bug!

Badger

April 09, 2014, 03:06:10 PM
There's flies everywhere in my house right now so that fooled me

Aide33

April 09, 2014, 03:18:12 PM

Blockzillahead

April 09, 2014, 03:57:37 PM
Announcing this bug just makes it worse. Someone mentioned that this bug has been present for quiet a while now.
Pages: [1] 2 3
« previous next »