Friendly forums for passionate Dems!
More than 91 million posts since 2001
Home Latest Greatest Videos Forums Hide ads Join up!
Home Latest Greatest
Videos Forums Help
Hide ads Join up!
Latest Discussions»General Discussion»Heartbleed exploit, inocu...
Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

General Discussion

Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region Forums

steve2470

(37,457 posts) Mon Apr 14, 2014, 03:50 AM Apr 2014

Heartbleed exploit, inoculation, both released

http://www.theregister.co.uk/2014/04/14/heartbleed_exploit_patch_both_released/

As the Heartbleed fallout continues, the good news is that code to protect against similar such attacks has been released. The bad news is that exploit code is also available.

Let's start with the latter, released by a chap who took up Cloudlare's challenge to coders in the hope someone, somewhere, would be able to use Heartbleed to extract a private SSL key from an undefended server it erected.

As we noted over the weekend, the challenge was met. The code for the 7th-fastest “solution” to the challenge is now available here.

The author apologises for the inelegance of the Python code he spent a day working on. Cloudflare says the winner took just nine hours to crack the server and run off with the SSL certificate.

more at link above
InfoView thread info, including edit history TrashPut this thread in your Trash Can (My DU » Trash Can) BookmarkAdd this thread to your Bookmarks (My DU » Bookmarks) 2 replies, 806 views
ShareGet links to this post and/or share on social media AlertAlert this post for a rule violation PowersThere are no powers you can use on this post EditCannot edit other people's posts ReplyReply to this post EditCannot edit other people's posts Rec (1) ReplyReply to this post
2 replies = new reply since forum marked as read
Highlight: NoneDon't highlight anything 5 newestHighlight 5 most recent replies
Heartbleed exploit, inoculation, both released (Original Post) steve2470 Apr 2014 OP
Messy but convincing proof that open source is more secure Recursion Apr 2014 #1
+1. Exactly right. nt bemildred Apr 2014 #2

Recursion

(56,582 posts)
1. Messy but convincing proof that open source is more secure
Reply to steve2470 (Original post)
Mon Apr 14, 2014, 04:11 AM
Apr 2014

When exploits happen, they happen loudly.

Fortunately I run Debian, which is behind the times enough that this isn't an issue (and, yes, that is in fact why Debian stable stays so behind the times). If you're running Windows you don't need to worry; this is mostly for server administrators. I just wanted to comment to point out that this is actually an example of open source working: anybody who wants to can audit the code, and a few million auditors means it gets found pretty quickly.

If you run Mac, run an update. If you run a Linux distro, keep it updated. If you run a server, I assume you know what you're doing already...

TopBack to the top of the page AlertAlert this post for a rule violation ShareGet links to this post PowersThere are no powers you can use on this post
  EditCannot edit other people's posts RecommendRecommend this post ReplyReply to this post
Reply to this discussion
Latest Discussions»General Discussion»Heartbleed exploit, inocu...
Home | Latest Discussions | Greatest Discussions | Latest Videos | All Forums

About | Copyright | Privacy | Terms of service | Contact

In Memoriam

© 2001 - 2024 Democratic Underground, LLC. Thank you for visiting.