Saturday, November 22, 2014 Login · Register
    Login
Username

Password


Remember Me

Not a member yet?
Click here to register.

Forgotten your password?
Request a new one here.

 

    Users Online
  • · Members on IRC: 29   
  • · Total Members: 17,265
  • · Newest Member: 3sp4rt4c0
  •  

     

        Related Ads
     

     

     

        Top 10 Forum Posters
    UserPosts
    bluechill1411   
    madf0x1291   
    cruizrisner1062   
    Qwexotic1034   
    Null Set870   
    Override604   
    auditorsec603   
    godofcereal599   
    TurboBorland585   
    Teddy477   
     

        Affiliates




  • iExploit


  • iExploit


  • WeChall





  • Thisislegal.com

  •  

        Related Ads
     

    View Thread
         
    Security Override Hacking Website Hacking
    SSL is no longer secure
    Register FAQ Members List Today's Posts Search

    Print Thread
    04-09-2014 10:19 AM SSL is no longer secure
    http://heartbleed.com/
    http://www.businessinsider.com/heartbleed-bug-explainer-2014-4

    Now hackers can get into bank databases and other files from different organisations pretending to be a heartbeat-package used by the openSSL connection. When disguised as the correct heartbeat-package, the hacker can get info sent from the databaseserver instead of the real computer from a client logging in, therefor receiving his/her credentials that can be later used in a hack.

    The server appears to see no flaws because it thinks it sent the correct information to the correct PC.

    Use it wisely ;-)

    PS: appearantly it's been around for quite some time, but since the news is flaring up about it now, i'd thought i'd post it here too.

    greetz, jep.
     
    Offline
    04-10-2014 09:23 AM RE: SSL is no longer secure
    Slightly incorrect.

    The vulnerability is a buffer over read, and winds up reading 64k bytes out of the process memory. This means you could leak out the encryption keys, significantly more valuable then mere credentials(oh but you can get those too!)

    also no exploit code out yet. but theres been some clues as to where the vuln is, so its possible to devise an exploit by looking at the patch changes.
    dmr, September 9, 1941 October 9, 2011

    Never Forget
     
    Offline
    04-11-2014 12:04 PM RE: SSL is no longer secure
    All our servers are already taken care off.

    just do a yum update and restart services that use SSL and you are good to go.

    older versions of SSL 0.9.X.X are not affected by this bug.
     
    Offline
    Jump to Forum:
    Forum powered by fusionBoard