Skip to main content

Heartbleed

Heartbleed, what and how ? 

Heartbleed is a bug in software commonly used to encrypt sensitive data between Web servers and Web browsers. The bug allows anyone on the Internet to compromise secret keys that Web servers use to encrypt traffic, which allows attackers to eavesdrop on all communication between the Web server and its users – even communication that was encrypted and supposed to be private.

The Heartbleed vulnerability in OpenSSL has sent just about everyone who uses the Web for fun or profit gibbering madly in search of a solution, creating fertile ground for spammers, scammers and marketing types.

The OpenSSL Software Project has issued a fix, and recommends upgrading immediately to OpenSSL 1.0.1g, or to recompile OpenSSL and disable the Heartbeat functionality that caused the vulnerability.

"Be skeptical of unsolicited advice, especially advice that warns of dire consequences for inaction," warned Easy Solutions' Ingevaldson.


"There will be many more discoveries of additional systems vulnerable to Heartbleed in the coming months," Ingevaldson continued. "Unfortunately, many of these systems will be legacy, difficult to patch, or even impossible to patch.

Resources : 
- http://news.rutgers.edu/hot-topic/hot-topic-internet-security-threat-potentially-touches-all-who-%E2%80%98surf-web%E2%80%99/20140416#.U1UwZOaFbdI
- http://www.technewsworld.com/story/80330.html

Labels:

Comments

Post a Comment

Popular posts from this blog

The Difference between DB and DB_EXTENDED

When doing Audit on any table on the the database , the default auditing is DB. SQL > show parameters audit_trail NAME                                 TYPE        VALUE ------------------------------------ ----------- ------------------------------ audit_trail                          string      DB in this case , when you do audit on some table. SQL> audit all on scott.emp by access; Audit succeeded SQL> update emp set sal=sal*0.95 where job='MANAGER'; 3 rows updated. if you want to know the statement made these changes, you will receive nothing on the sql_text field while you are selecting the audit_trial table.
Post a Comment
Read more

Do you think , Google makes a mistake ?

It seems Google makes a new mistake by launching its new security key (2-step verification)  one of the steps is USB device .  The question  :how come can i plug USB into my mobile (I-Phone , I-Pad , Samsung Galaxy , ....) !  Do Google know the difficulties while you are holding a USB on your hand all the time .  so You can't access  your  account if it's not in your hands. or it's damaged ?  This solution is hopeless , I think it's designed for small audience. As someone says : Can you convince the Bank Manager while you are putting the USB Device into the bank PC, that you are securing your PC , not stealing the bank data, or not transferring amounts of money to other account . or what else .  You know , This way is not quietly good , If I have many accounts on Google and other websites ,I need many  USB devices to verify myself.  That's of course , not good at all.
Post a Comment
Read more

Big lies makes you pay

It's about web security , but this article contains many lies that we are saying or thinking about  and never try to make sure that we are not going to fall in it. These lies about web security . 1- The Lock icon is lighting on , it's ok it's amazing that everyone looks for the lock int he browser bar to believe that this site so secure, it's a big lie . you are not safe .  the lock in the browser bar doesn't mean that you are fully secure , it's only the SSL , means that the data are transferred in secure way .  but the agent(Hacker) who get the info can use it easily. Note : some Hackers are very good at faking SSL certificate or buying one . 2- Website Reputation  It's not true that if you don't visit websites of ill repute , you are in all clear ,No No! Wrong answer.  more than 83% of malware hosting sites are trusted. 3- Don't underestimate the information in your computer . This is the most dangerous poin...
Post a Comment
Read more