OpenSSL Heartbleed bug, CVE-2014-0160

ponder · Apr 8, 2014

http://heartbleed.com/
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160

Happy patching and updating

oldBastard · Apr 8, 2014

Thanks need to go look at my webserver OpenSSL

mercurial · Apr 8, 2014

Already posted - http://mybroadband.co.za/vb/showthread.php/609630-SA-sites-vulnerable-to-massive-security-bug

Arthur · Apr 12, 2014

Worst nightmare. Concept now proved.

http://www.engadget.com/2014/04/11/heartbleed-openssl-cloudflare-challenge/?ncid=rss_truncated

HavocXphere · Apr 12, 2014

Plus the second oke managed to crack it with just 100k requests.

Arthur said:
Worst nightmare. Concept now proved.

Yep...

If you are a service provider you have signed your certificates with a Certificate Authority (CA). You need to check your CA how compromised keys can be revoked and new certificate reissued for the new keys. Some CAs do this for free, some may take a fee.

Good time to be a CA

Arthur · Apr 12, 2014

And the US gov has been using it for ages, says Bloomberg (Gizmodo).

Join the MyBroadband community

Get started

OpenSSL Heartbleed bug, CVE-2014-0160

ponder

Honorary Master

oldBastard

Expert Member

mercurial

MyBB Legend

Arthur

Honorary Master

HavocXphere

Honorary Master

Arthur

Honorary Master