[AT] Critical Crypto Bug in OpenSSL Opens Two-Thirds of the Web to Eavesdropping - Page 2

post #11 of 54
Such a beat up - the bug was fixed in 1.0.1g within 2 days of being confirmed - so update and the bug is patched.

Seriously, arstechnica just stooped to a new low.
"Fully recovering from the two-year-long vulnerability..."

It was only confirmed to exist on Sat, 5 Apr 2014, and while it is applicable only to versions 1.0.1 through 1.0.1f (and including 1.0.2beta), by using the words "two-year-long vulnerability", arstechnica pathetically attempts to skew things in an effort to portray the OpenSSL devs as incompetent, subtly suggesting that the OpenSSL devs knew about this bug for 2 years and left OpenSSL vulnerable for that full 2 years, when, in fact, it was patched out within 2 days of being confirmed.
Quote:
Originally Posted by Tomas Hoger on 2014-04-07 15:34:33 EDT @ bugzilla.redhat.com 
Fixed upstream in OpenSSL version 1.0.1g.

Edited by un-nefer - 4/8/14 at 8:38am
post #12 of 54
Bet LMDE won't get updated though - sucks to be based on Debian Testing :(
post #13 of 54
Quote:
Originally Posted by chemicalfan View Post

Bet LMDE won't get updated though - sucks to be based on Debian Testing :(

Just perform an update and OpenSSL will be updated to the latest patched version - it's already been added to the LM repo.
post #14 of 54
Quote:
Originally Posted by un-nefer View Post

Such a beat up - the bug was fixed in 1.0.1g within 2 days of being confirmed - so update and the bug is patched.

Seriously, arstechnica just stooped to a new low.
"Fully recovering from the two-year-long vulnerability..."

It was only confirmed to exist on Sat, 5 Apr 2014, and while it is applicable only to versions 1.0.1 through 1.0.1f (and including 1.0.2beta), by using the words "two-year-long vulnerability", arstechnica pathetically attempts to skew things in an effort to portray the OpenSSL devs as incompetent, subtly suggesting that the OpenSSL devs knew about this bug for 2 years and left OpenSSL vulnerable for that full 2 years, when, in fact, it was patched out within 2 days of being confirmed.


You don't just go and patch production servers.....
post #15 of 54
you doooo, orrr you get an intern to do it ;)

there is an iptables rule and a Snort rule to mitigate it, so it "shouldn't" be that hard to protect against (what's taking Yahoo so long XD), I wonder how many routers are vulnerable to this as well?
post #16 of 54
Quote:
Originally Posted by Ulquiorra View Post

you doooo, orrr you get an intern to do it ;)

there is an iptables rule and a Snort rule to mitigate it, so it "shouldn't" be that hard to protect against (what's taking Yahoo so long XD), I wonder how many routers are vulnerable to this as well?

Person who told the intern to do it would obviously get fired!

iptable and snort? You're thinking too small.... think about datacenter-level networks and volume of servers.

What are the three most important things for a sysAdmin? "Uptime, Uptime, and Uptime."

The router shouldn't matter since this is layer 6 (Presentation), right?
post #17 of 54
Quote:
Originally Posted by DuckieHo View Post

Person who told the intern to do it would obviously get fired!

iptable and snort? You're thinking too small.... think about datacenter-level networks and volume of servers.

What are the three most important things for a sysAdmin? "Uptime, Uptime, and Uptime."

The router shouldn't matter since this is layer 6 (Presentation), right?

TLS ;)

unless that's just namesake
post #18 of 54
Quote:
Originally Posted by DuckieHo View Post

Person who told the intern to do it would obviously get fired!

iptable and snort? You're thinking too small.... think about datacenter-level networks and volume of servers.

What are the three most important things for a sysAdmin? "Uptime, Uptime, and Uptime."

The router shouldn't matter since this is layer 6 (Presentation), right?


(the intern thing was a joke)


you can run iptables on the webserver though, block all TCP anomalies and nasties like syn+fin, or psh,urg,ack,fin, and the TLS heartbeat. It doesn't fix the problem but it hides it. And routers with a web interface may be vulnerable if they are using OpenSSL (looking at you, DD-WRT ;) pretty sure that's 1.0.1a). I've not got any Ciscos with a web interface though :(, so if someone could run the test Python against a few that would be awesome ^_^, see if that dumps the admin password / keys on it
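What a network-side heartbeat filter like the iptables and Snort rules mentioned in the posts above has to work with, as an added example that is not part of any post in this thread: a TLS record parser that flags heartbeat records (content type 24) whose declared payload length exceeds what the record carries. All function names are hypothetical and the sample stream is constructed; once a sender has issued ChangeCipherSpec only the content-type byte stays readable, which is why such a filter can hide the problem but not fix it.

```python
import struct

HANDSHAKE, CHANGE_CIPHER_SPEC, HEARTBEAT = 22, 20, 24  # TLS record content types
MIN_PADDING = 16  # RFC 6520: a heartbeat message carries at least 16 padding bytes

def record(ctype: int, body: bytes, version: int = 0x0302) -> bytes:
    """Build a TLS record: type (1) | version (2) | length (2) | body."""
    return struct.pack("!BHH", ctype, version, len(body)) + body

def iter_records(stream: bytes):
    """Yield (content_type, body) for every complete record in one direction."""
    off = 0
    while off + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, off)
        body = stream[off + 5: off + 5 + length]
        if len(body) < length:
            break  # truncated capture, stop rather than guess
        yield ctype, body
        off += 5 + length

def classify_heartbeat(body: bytes) -> str:
    """Check a plaintext heartbeat body: type (1) | payload_length (2) | payload | padding."""
    if len(body) < 3:
        return "malformed"
    hb_type, payload_len = struct.unpack_from("!BH", body)
    if 1 + 2 + payload_len + MIN_PADDING > len(body):
        return "overlong"  # claims more payload than the record carries
    return {1: "request", 2: "response"}.get(hb_type, "unknown")

def scan(stream: bytes):
    """Return (record_index, verdict) for each heartbeat record seen."""
    findings, encrypted = [], False
    for i, (ctype, body) in enumerate(iter_records(stream)):
        if ctype == CHANGE_CIPHER_SPEC:
            encrypted = True  # this sender's later records are ciphertext
        elif ctype == HEARTBEAT:
            findings.append((i, "encrypted" if encrypted else classify_heartbeat(body)))
    return findings

# Constructed sample stream (not captured traffic).
SAMPLE = b"".join([
    record(HANDSHAKE, b"\x01\x00\x00\x00"),                 # 0: stand-in handshake bytes
    record(HEARTBEAT, b"\x01\x00\x04ping" + b"\x00" * 16),  # 1: well-formed request
    record(HEARTBEAT, b"\x01\x40\x00"),                     # 2: declares 16384 bytes, carries none
    record(CHANGE_CIPHER_SPEC, b"\x01"),                    # 3
    record(HEARTBEAT, bytes(range(40))),                    # 4: opaque after ChangeCipherSpec
])

if __name__ == "__main__":
    print(scan(SAMPLE))
```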
post #19 of 54
Quote:
Originally Posted by DuckieHo View Post

You don't just go and patch production servers.....

The number, requirement and importance of the production servers would dictate the skills and abilities of the server engineers and administrators who manage them - suffice to say, a vulnerability like this would get top priority and would be patched faster than you suggest.

Not to mention this can be performed as an in place update, without the requirement to restart, on most servers - unless they are running Windows OS ;)
post #20 of 54
Quote:
Originally Posted by un-nefer View Post

The number, requirement and importance of the production servers would dictate the skills and abilities of the server engineers and administrators who manage them - suffice to say, a vulnerability like this would get top priority and would be patched faster than you suggest.

Not to mention this can be performed as an in place update, without the requirement to restart, on most servers - unless they are running Windows OS ;)

Of course, it would get prioritized.... just like anything else. The point is that you don't just go and patch immediately. You still want to notify application owners on this critical patch before applying JUST IN CASE.