Forums
New posts
Search forums
Members
Current visitors
New profile posts
Search profile posts
What's new
New posts
New profile posts
Latest activity
Log in
Register
What's new
Search
Search
Search titles only
By:
New posts
Search forums
Menu
Log in
Register
Install the app
Install
Forums
Off Topic
Technology
Heartbleed bug
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="Peezy" data-source="post: 166235" data-attributes="member: 1090"><p>An Internet bug called Heartbleed has compromised the majority of the secure servers of the Internet using OpenSSL, potentially exposing millions of users private data from email servers, bank servers, almost any service using this widely used system.</p><p></p><p>The bug has affected many popular websites and services — ones you might use every day, like Gmail and Facebook — and could have quietly exposed your sensitive account information (such as passwords and credit card numbers) over the past two years.</p><p></p><p><strong>How it works:</strong></p><p><strong></strong></p><p>Client: Hi, I want to login! My info is "username" and "password".</p><p>Server: Ok, you're logged in!</p><p>Client: I want to make sure you're still there. I'm going to count down from ten, can you repeat it to me? 10,9,8,7,6,5,4,3,2,1.</p><p>Server: Ok, that's 10,9,8,7,6,5,4,3,2,1.</p><p>Client: Great!</p><p></p><p>That's how the heartbeat works. With Heartbleed in effect:</p><p></p><p>Client: Hi, I want to login! My info is "username" and "password".</p><p>Server: Ok, you're logged in!</p><p>Attacker: I want to make sure you're still there. I'm going to count down from ten, can you repeat it to me? 10.</p><p>Server: Okay, that's 10,username,password.</p><p></p><p>Because the server never verifies that the client or attacker has sent what they said they would, it just rattles off the requested amount of memory. For a client, this is what they wanted. But an attacker can send much less than they say, getting plaintext info like keys, login info, session cookies and the like.</p><p></p><p><strong>Here is a list of some sites that were affected <a href="http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/" target="_blank">click here</a></strong></p><p></p><p>It is always a good practice to change your passwords every few months. Also never use the same password for other services that hold private information, such has banking.</p><p></p><p style="text-align: center"><strong>This is just a recommendation: Change your passwords for any services that store sensitive data, just to be on the safe side. </strong></p></blockquote><p></p>
[QUOTE="Peezy, post: 166235, member: 1090"] An Internet bug called Heartbleed has compromised the majority of the secure servers of the Internet using OpenSSL, potentially exposing millions of users private data from email servers, bank servers, almost any service using this widely used system. The bug has affected many popular websites and services — ones you might use every day, like Gmail and Facebook — and could have quietly exposed your sensitive account information (such as passwords and credit card numbers) over the past two years. [B]How it works: [/B] Client: Hi, I want to login! My info is "username" and "password". Server: Ok, you're logged in! Client: I want to make sure you're still there. I'm going to count down from ten, can you repeat it to me? 10,9,8,7,6,5,4,3,2,1. Server: Ok, that's 10,9,8,7,6,5,4,3,2,1. Client: Great! That's how the heartbeat works. With Heartbleed in effect: Client: Hi, I want to login! My info is "username" and "password". Server: Ok, you're logged in! Attacker: I want to make sure you're still there. I'm going to count down from ten, can you repeat it to me? 10. Server: Okay, that's 10,username,password. Because the server never verifies that the client or attacker has sent what they said they would, it just rattles off the requested amount of memory. For a client, this is what they wanted. But an attacker can send much less than they say, getting plaintext info like keys, login info, session cookies and the like. [B]Here is a list of some sites that were affected [URL='http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/']click here[/URL][/B] It is always a good practice to change your passwords every few months. Also never use the same password for other services that hold private information, such has banking. [CENTER][B]This is just a recommendation: Change your passwords for any services that store sensitive data, just to be on the safe side. [/B][/CENTER] [/QUOTE]
Insert quotes…
Verification
Post reply
Forums
Off Topic
Technology
Heartbleed bug
Top