It is currently Fri Jul 21, 2017 4:43 am



Welcome
Welcome to antiX-forum.

You are currently viewing our boards as a guest, which gives you limited access to view most discussions and access our other features. By joining our free community, you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content, and access many other special features. Registration is fast, simple, and absolutely free, so please, join our community today!


Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 9 posts ] 
Author Message
 Post subject: OpenSSL compromised
PostPosted: Wed Apr 09, 2014 8:16 pm 
Offline
User avatar

Joined: Thu Jul 26, 2012 9:46 pm
Posts: 756
Location: Surrey/Hants Border UK
According to another website I frequent, OpenSSL has had a security hole for a couple of years(?).

Quote:
Just heard on BBC news that the Secure Sockets Layer encryption has been breached and that logging on to things like your bank can give your password to criminals. DO NOT go on to change your passwords as this will still allow them to get in later.

STAY away from any site you have to use a password for that you don't want anyone to get into - like your bank.

This is not a scare but seems genuine.

http://www.bbc.co.uk/news/technology-26954540

http://www.huffingtonpost.com/2014/04/0 ... 12793.html

http://www.gizmodo.co.uk/2014/04/heartb ... -so-scary/



_________________
Linux (& BSD) since 1999.
(Now also ukuleles & harmonicas.)


Top
 Profile  
 
 Post subject: Re: OpenSSL compromised
PostPosted: Wed Apr 09, 2014 8:38 pm 
Offline
User avatar

Joined: Fri Feb 20, 2009 3:44 am
Posts: 4022
Location: Pecos, Texas
In case you wanna check if paranoid

https://www.ssllabs.com/ssltest/

By the wayLinux Tracker passes. Linux Forums org passes. Linux Questions Org passes.

What a pass looks like https://www.ssllabs.com/ssltest/analyze ... stions.org

Mepis ?

https://www.ssllabs.com/ssltest/analyze ... munity.org

Beats the heck out of me on that one.

_________________
Linux Registered User # 475019
Linux at Home courses
How to Search for AntiX solutions to your problems


Top
 Profile  
 
 Post subject: Re: OpenSSL compromised
PostPosted: Thu Apr 10, 2014 2:47 pm 
Offline
User avatar

Joined: Fri Nov 01, 2013 6:43 pm
Posts: 650
Location: Lafayette, LA, USA
Two Years??? Are they sure its not the NSA playing around?

_________________
Phear the Penguin.
I am not CrAzY. And I have a paper from the doctors to prove it!
MSI S6000 i5-460M 4 Gb ram

A great mind is something to get terribly wasted.
LRU# 563815


Top
 Profile  
 
 Post subject: Re: OpenSSL compromised
PostPosted: Thu Apr 10, 2014 3:04 pm 
Offline
User avatar

Joined: Sun Dec 16, 2007 4:49 pm
Posts: 2159
I use lastpass for password management, and they have a tool that tells you which of your accounts (that it manages, of course) are affect, and if the sites have fixed the issue, and when to change your password. Pretty nice.

While working through that last nite, I also discovered that they have a tool to tell you when your usernames are involved in a security breach.

_________________
http://www.youtube.com/runwiththedolphin
eeepc 904ha antix 15 32 bit (streaming media player)
sony laptop amd 900mhz duran 512mb ram, antix 13 32-bit
lenovo s21e - 2gb ram, celeron - antiX-16 64 bit


Top
 Profile  
 
 Post subject: Re: OpenSSL compromised
PostPosted: Thu Apr 10, 2014 4:33 pm 
Quote:
Are they sure its not the NSA playing around?


As in "Let's ramp up the fear factor to keep the proles under control!" sort of thing?

http://arstechnica.com/security/2014/04/heartbleed-vulnerability-may-have-been-exploited-months-before-patch/

Update - There is now a Heartbleed Bug web-site:

http://heartbleed.com/


Top
  
 
 Post subject: Re: OpenSSL compromised
PostPosted: Mon Apr 14, 2014 2:07 pm 
Running on the belief that you can't believe anything a government agency says until it has been officially denied:

"Heartbleed bug denial by NSA and White House"

http://www.bbc.co.uk/news/technology-27004713 :lol:


Top
  
 
 Post subject: Re: OpenSSL compromised
PostPosted: Mon Apr 14, 2014 3:28 pm 
Offline
User avatar

Joined: Fri Oct 12, 2012 1:40 pm
Posts: 630
Here is an eff e-mail that i just got on the subject.
Here I go changing passwords from site to site, But I giving them time to update everything.

https://supporters.eff.org/civicrm/mailing/view?reset=1&id=612

_________________
You never really die. Your spirit, your music, and your wisdom carryover for generations. We are spiritual beings on a human journey..


Top
 Profile  
 
 Post subject: Re: OpenSSL compromised
PostPosted: Thu Apr 17, 2014 12:52 pm 
Offline
User avatar

Joined: Fri Oct 12, 2012 1:40 pm
Posts: 630
The NSA exploited it for years.
http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html

_________________
You never really die. Your spirit, your music, and your wisdom carryover for generations. We are spiritual beings on a human journey..


Top
 Profile  
 
 Post subject: Re: OpenSSL compromised
PostPosted: Fri Apr 18, 2014 2:53 am 
Offline
User avatar

Joined: Fri Nov 01, 2013 6:43 pm
Posts: 650
Location: Lafayette, LA, USA


SEE! I told you so.

_________________
Phear the Penguin.
I am not CrAzY. And I have a paper from the doctors to prove it!
MSI S6000 i5-460M 4 Gb ram

A great mind is something to get terribly wasted.
LRU# 563815


Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 9 posts ] 


Who is online

Users browsing this forum: No registered users and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
suspicion-preferred