1. Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

OpenSSL wide open to hackers

Discussion in 'Networking & Security' started by Red_Machine, Apr 8, 2014.

  1. Red_Machine

    Red_Machine

    Joined:
    Oct 1, 2010
    Messages:
    1,721 (1.21/day)
    Thanks Received:
    374
    Location:
    Marlow, ENGLAND
    Chevalr1c and ne6togadno say thanks.
  2. remixedcat

    remixedcat

    Joined:
    May 13, 2010
    Messages:
    2,727 (1.74/day)
    Thanks Received:
    575
    tisk..tisk
  3. pr0n Inspector

    pr0n Inspector

    Joined:
    Dec 8, 2008
    Messages:
    1,334 (0.64/day)
    Thanks Received:
    164
    worst part is that it's 2-year-old. could've been silently exploited for all we know.
  4. Chevalr1c

    Chevalr1c

    Joined:
    Sep 3, 2010
    Messages:
    3,184 (2.19/day)
    Thanks Received:
    1,364
    Didn't GnuTLS have a similar bug not very long ago?
    Crunching for Team TPU
  5. remixedcat

    remixedcat

    Joined:
    May 13, 2010
    Messages:
    2,727 (1.74/day)
    Thanks Received:
    575
    See some of these open source project people spend more time arguing over stupid crap instead of fixing stuff. Typical Linux mentality. Smh.
  6. Ferrum Master

    Ferrum Master

    Joined:
    Nov 18, 2010
    Messages:
    570 (0.41/day)
    Thanks Received:
    120
    Location:
    Rīga
    You mean Linus's ego inheritance... :D
    remixedcat says thanks.
  7. pr0n Inspector

    pr0n Inspector

    Joined:
    Dec 8, 2008
    Messages:
    1,334 (0.64/day)
    Thanks Received:
    164
    WTF? OpenSSL has nothing to do with Linux. It's not even using the same type of license.

    And I'm not going to even touch on how stupid it is to assume tens of thousands of programmers all over the world just somehow all share the same "Linux mentality"(wtf does that even mean). You seem to think being a yes man to some corporate managers somehow makes you a better coder.
  8. remixedcat

    remixedcat

    Joined:
    May 13, 2010
    Messages:
    2,727 (1.74/day)
    Thanks Received:
    575
    Its the god complex mentality they have that Linus perpetuated. Also the fact they tell people to eff off instead of taking criticism gracefully. Not saying it about all just a lot of these projects have this issue. Its sad.
  9. eidairaman1

    eidairaman1

    Joined:
    Jul 2, 2007
    Messages:
    12,249 (4.68/day)
    Thanks Received:
    1,415
    sounds like comcast
  10. pr0n Inspector

    pr0n Inspector

    Joined:
    Dec 8, 2008
    Messages:
    1,334 (0.64/day)
    Thanks Received:
    164

    What's "a lot"?

    Sometimes people just don't like some hot heads suddenly barge in and start making many or radical commits to projects they started or worked on for years, it's perfectly understandable. The open source community is held together by collaboration, software development simply doesn't work like in corporate environments where you should just shut up and do your job. You can just take the code and fork it if you disagree with the project leaders that much and many did, some even overtook the original.
  11. BiggieShady

    BiggieShady

    Joined:
    Feb 8, 2012
    Messages:
    957 (1.03/day)
    Thanks Received:
    320
    Location:
    Zagreb, Croatia
    This is much more pronounced when the open source project is a security library used by more than 50% of internet.
    I wonder why no one ever suspects foul play - it would be so easy to sabotage this kind of project by committing code that leaks memory (or paying someone involved to do it).
  12. puma99dk|

    puma99dk|

    Joined:
    Aug 29, 2005
    Messages:
    3,339 (1.02/day)
    Thanks Received:
    748
    doesn't this just show that nothing is perfect when it comes to security?

    we all know this shouldn't exist but yet it does o_O
  13. Naito

    Naito

    Joined:
    Oct 10, 2009
    Messages:
    297 (0.17/day)
    Thanks Received:
    85
    Location:
    Terra Australis
    Security? Ha. Nothing of the sort exists with agencies like the NSA around.
  14. flmatter

    flmatter

    Joined:
    Feb 11, 2012
    Messages:
    243 (0.26/day)
    Thanks Received:
    92
    Location:
    Anchorage Alaska
    1 Million points folded for TPU
  15. remixedcat

    remixedcat

    Joined:
    May 13, 2010
    Messages:
    2,727 (1.74/day)
    Thanks Received:
    575
    I still think the NSA paid someone off
  16. Champ

    Champ

    Joined:
    Jun 28, 2008
    Messages:
    849 (0.38/day)
    Thanks Received:
    68
    Location:
    Greenville, NC
    so has anything arisen from this yet?
  17. flmatter

    flmatter

    Joined:
    Feb 11, 2012
    Messages:
    243 (0.26/day)
    Thanks Received:
    92
    Location:
    Anchorage Alaska
    Not really, just change your passwords, it is truly amazing how quiet it has been, from everyone - anti-virus companies to gov't intel agencies.
    1 Million points folded for TPU
  18. remixedcat

    remixedcat

    Joined:
    May 13, 2010
    Messages:
    2,727 (1.74/day)
    Thanks Received:
    575
    NSA has everyone by the balls
    Champ says thanks.
  19. Divide Overflow

    Divide Overflow

    Joined:
    Apr 15, 2009
    Messages:
    189 (0.10/day)
    Thanks Received:
    51
    Hasn't been anything attributed to this vulnerability yet. Now that it's widely known, I'm sure there will be a couple of exploits on the servers who are slow to patch.
  20. Aquinus

    Aquinus Resident Wat-man

    Joined:
    Jan 28, 2012
    Messages:
    6,186 (6.55/day)
    Thanks Received:
    2,028
    Location:
    Concord, NH
    If they're really that slow, it's possible that they never enabled the heartbeat extension or their software is older than the bug. Either way, I think this has been an over-glorified bug report. The content of the data that a "hacker" would get from this would widely vary. It won't always lead to a breach of security either.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guest)

Share This Page