Thursday, October 08, 2015 Login · Register


Remember Me

Not a member yet?
Click here to register.

Forgotten your password?
Request a new one here.


    Users Online
  • · Members on IRC: 0   
  • · Total Members: 21,840
  • · Newest Member: hacking4life


        Related Ads



        Top 10 Forum Posters
    Null Set883   


  • iExploit

  • iExploit

  • WeChall



        Related Ads

    View Thread
    Security Override Hacking Website Hacking
    SSL is no longer secure
    Register FAQ Members List Today's Posts Search

    Print Thread
    04-09-2014 10:19 AM SSL is no longer secure

    Now hackers can get into bank databases and other files from different organisations pretending to be a heartbeat-package used by the openSSL connection. When disguised as the correct heartbeat-package, the hacker can get info sent from the databaseserver instead of the real computer from a client logging in, therefor receiving his/her credentials that can be later used in a hack.

    The server appears to see no flaws because it thinks it sent the correct information to the correct PC.

    Use it wisely ;-)

    PS: appearantly it's been around for quite some time, but since the news is flaring up about it now, i'd thought i'd post it here too.

    greetz, jep.
    04-10-2014 09:23 AM RE: SSL is no longer secure
    Slightly incorrect.

    The vulnerability is a buffer over read, and winds up reading 64k bytes out of the process memory. This means you could leak out the encryption keys, significantly more valuable then mere credentials(oh but you can get those too!)

    also no exploit code out yet. but theres been some clues as to where the vuln is, so its possible to devise an exploit by looking at the patch changes.
    dmr, September 9, 1941 October 9, 2011

    Never Forget
    04-11-2014 12:04 PM RE: SSL is no longer secure
    All our servers are already taken care off.

    just do a yum update and restart services that use SSL and you are good to go.

    older versions of SSL 0.9.X.X are not affected by this bug.
    Jump to Forum:
    Forum powered by fusionBoard