
HeartBleed - An open source failure?????


The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).




On 8th April, the day Microsoft stopped supporting Windows XP, a major vulnerability in the open source OpenSSL library was found. Thousands of websites using OpenSSL, including Facebook, Google and Yahoo, were affected by a simple OpenSSL programming mistake. The programming blunder let attackers pull down 64 KB chunks of "secure" server memory. Of course, an attacker would then have to sift through the captured memory for social security numbers, credit-card numbers and names, but that is trivial.

                                  
Half a million sites are vulnerable. You can test a website's vulnerability here.

According to zdnet.com, German programmer Dr. Robin Seggelmann added a new "feature" and forgot to validate a variable containing a length. The code reviewer, Dr Stephen Henson, "apparently also didn't notice the missing validation," said Seggelmann, "so the error made its way from the development branch into the released version." And then, for about two years, the defective code was used, at one time or another, by almost every Internet user in the world.
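To show what "forgot to validate a variable containing a length" means in practice, here is an added illustration (not OpenSSL's actual code and not from the original post): a simplified heartbeat handler written both without and with the length check. The record layout, the function names and the neighbouring "SECRET" bytes are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Assumed record layout: [type:1][payload_len:2, big-endian][payload][padding:16] */
#define HB_RESPONSE 2
#define HB_HDR      3
#define HB_PADDING  16

/* Pre-fix pattern: the peer-supplied payload length is trusted for the copy, so a
 * header that claims more payload than the record carries makes memcpy read whatever
 * memory happens to follow the record. Returns the number of response bytes built. */
size_t heartbeat_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *resp) {
    (void)rec_len;                                  /* the real length is never consulted */
    uint16_t payload = (uint16_t)((rec[1] << 8) | rec[2]);
    resp[0] = HB_RESPONSE;
    resp[1] = (uint8_t)(payload >> 8);
    resp[2] = (uint8_t)payload;
    memcpy(resp + HB_HDR, rec + HB_HDR, payload);
    memset(resp + HB_HDR + payload, 0, HB_PADDING);
    return HB_HDR + payload + HB_PADDING;
}

/* Fixed pattern: check the claimed length against the bytes actually received and
 * silently discard the record when it does not fit. Returns 0 when discarded. */
size_t heartbeat_checked(const uint8_t *rec, size_t rec_len, uint8_t *resp) {
    if (rec_len < HB_HDR + HB_PADDING) return 0;    /* too short for header + padding */
    uint16_t payload = (uint16_t)((rec[1] << 8) | rec[2]);
    if ((size_t)HB_HDR + payload + HB_PADDING > rec_len) return 0; /* claim exceeds record */
    resp[0] = HB_RESPONSE;
    resp[1] = (uint8_t)(payload >> 8);
    resp[2] = (uint8_t)payload;
    memcpy(resp + HB_HDR, rec + HB_HDR, payload);
    memset(resp + HB_HDR + payload, 0, HB_PADDING);
    return HB_HDR + payload + HB_PADDING;
}

/* Constructed scenario: a 20-byte record carrying one real payload byte but claiming 40
 * sits in an arena, followed by the bytes "SECRET" that were never part of the record.
 * Returns 1 if the handler's response echoes those neighbouring bytes, 0 otherwise. */
int demo_leaks(int use_checked) {
    static uint8_t arena[64], resp[HB_HDR + 65535 + HB_PADDING];
    memset(arena, 0, sizeof arena);
    arena[0] = 1; arena[1] = 0; arena[2] = 40;      /* type=request, claimed length=40 */
    arena[3] = 'A';                                 /* the only genuine payload byte */
    memcpy(arena + 20, "SECRET", 6);                /* lives just past the real record */
    size_t n = use_checked ? heartbeat_checked(arena, 20, resp)
                           : heartbeat_unchecked(arena, 20, resp);
    return n >= 26 && memcmp(resp + 20, "SECRET", 6) == 0;
}
```

The unchecked handler happily returns 59 bytes for a 20-byte record, and the extra bytes are whatever sat next to it in memory; the checked one returns nothing at all for the same record.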


The bug has been patched. After you patch your systems, you have to generate a new public/private key pair, reissue your SSL certificate, and then change every password that could potentially be affected.


CloudFlare announced a challenge to steal the private keys from a server using the Heartbleed bug, and after several hours hackers managed it. The controversial part is that the server was rebooted during the challenge. The two winners were Fedor Indutny and Ilkka Mattila. Indutny, who succeeded first, made 2.5 million Heartbleed requests over the course of the day, and Mattila made 100,000. CloudFlare rebooted the server at one point during the test, which they say may have contributed to the successful attempt.

To be on the safer side, if you have an account on a website that uses OpenSSL, change your password, and if a website asks you to change your password, do it!!

Check here for more info about the challenge.


If you have an account on Yahoo, change your password NOW!! Even though Google says it has patched the vulnerability, you can't take the risk, so it is better to change your Google account password, and the same applies to Facebook.




