IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / Security Forum / It now has its own website..
Post #388,381
by Ashton
4/9/14 4:50:04 PM
Reply
New It now has its own website..
http://heartbleed.com/

Salon has a take:
http://www.salon.com...about_heartbleed/


There are many reasons to be concerned about “Heartbleed,” the catastrophic vulnerability in the Internet’s most popular security technology that was disclosed on Tuesday. For one thing, it’s not even clear what we, as individuals, should be doing about it. At the Atlantic, James Fallows is strongly urging that we change our passwords to our most crucial online services right now. But other experts are advising that we should wait a day or two, until potentially compromised sites have upgraded their software. Otherwise, we’ll just be handing a new password over to an already-busted security system.

That’s nerve-wracking, but not quite as anxiety inducing as the speculation floated by Bruce Schneier, a longtime security analyst with impeccable credentials.

At this point, the odds are close to one that every target has had its private keys extracted by multiple intelligence agencies. The real question is whether or not someone deliberately inserted this bug into OpenSSL, and has had two years of unfettered access to everything. My guess is accident, but I have no proof.

By “odds are close to one” Schneier means that the likelihood that the Heartbleed bug has already been exploited by everyone from the NSA to to the People’s Liberation Army is close to 100 percent. But even more distressing is the notion that this might not have been an accident.

[. . .]



As does Guardian:
http://www.theguardi...usands-of-servers

Etc. ie WHAT "MISSING AIRPLANE" ??? when...

We gots a NEW mystery (of similar signal/noise) wrapped in a cynical matrix of OBVIOUS 'interested Parties', Comrade..
KGB/China/NSANSA/and others too-numerous.
Worst Case??? Hell Youse Guys are s'posed to do gedanken What-Ifs -??- in fucking Boolean Space,

Aint'cha?
Post #388,386
by drook
Picture of drook
4/9/14 5:01:17 PM
Reply
New Most damning point IMO
If the PCI guys were against it just for the high-level design, an implementation bug is the least of our worries.

But it makes our site faster ...
--

Drew
Post #388,394
by folkert
Picture of folkert
4/10/14 1:52:43 AM
Reply
New Yes... this. ^^^
--
greg@gregfolkert.net
"No snowflake in an avalanche ever feels responsible." --Stanislaw Jerzy Lec
     Heartbleed and OpenSSL - (folkert) - (27) - April 8, 2014, 10:09:41 AM EDT
         Re: Heartbleed and OpenSSL - (pwhysall) - (6) - April 8, 2014, 05:52:36 PM EDT
             #1353 - (Another Scott) - (1) - April 9, 2014, 08:24:36 AM EDT
                 :0) -NT - (mmoffitt) - April 9, 2014, 08:43:36 AM EDT
             Well dammit -NT - (drook) - April 9, 2014, 11:12:36 AM EDT
             It is even more fun than that - (scoenye) - (1) - April 9, 2014, 06:42:50 PM EDT
                 Look for "pacemaker" as related to heartbleed... - (folkert) - April 10, 2014, 01:53:52 AM EDT
             Amazing... - (folkert) - April 10, 2014, 01:47:49 AM EDT
         It now has its own website.. - (Ashton) - (2) - April 9, 2014, 04:50:04 PM EDT
             Most damning point IMO - (drook) - (1) - April 9, 2014, 05:01:17 PM EDT
                 Yes... this. ^^^ -NT - (folkert) - April 10, 2014, 01:52:43 AM EDT
         XKCD is cool today - (drook) - (1) - April 11, 2014, 01:34:52 PM EDT
             wow - (crazy) - April 11, 2014, 01:50:42 PM EDT
         SJMN: White House and NSA deny they knew about it. - (Another Scott) - (10) - April 11, 2014, 09:31:33 PM EDT
             Re: SJMN: White House and NSA deny they knew about it. - (pwhysall) - (9) - April 14, 2014, 07:29:44 AM EDT
                 I find this comment at Wonkette plausible. - (Another Scott) - (4) - April 14, 2014, 08:04:31 AM EDT
                     Note the followup if you use Chrome. - (Another Scott) - (3) - April 14, 2014, 08:56:04 AM EDT
                         So Google doesn't understand the implications of... - (a6l6e6x) - (2) - April 14, 2014, 12:18:46 PM EDT
                             Deliberately turned off as of 2012 - (scoenye) - (1) - April 15, 2014, 06:44:12 PM EDT
                                 I wonder if "Lifelock" is getting a spike in business... :-( -NT - (Another Scott) - April 15, 2014, 07:19:35 PM EDT
                 Hola Peter.. Query: - (Ashton) - (3) - April 14, 2014, 08:18:39 PM EDT
                     Re: Hola Peter.. Query: - (pwhysall) - (2) - April 15, 2014, 03:42:33 AM EDT
                         hehe. -NT - (Another Scott) - April 15, 2014, 08:27:48 AM EDT
                         No they wouldn't ... they've got Policies -NT - (drook) - April 15, 2014, 08:37:53 AM EDT
         And it's exactly as bad as stated. - (pwhysall) - (2) - April 14, 2014, 07:36:53 AM EDT
             Damn! - (a6l6e6x) - April 14, 2014, 12:33:20 PM EDT
             Irony. - (static) - April 15, 2014, 10:32:00 PM EDT
         Possible nasty side effect on Debian if OpenSWAN is used - (scoenye) - April 15, 2014, 07:05:35 PM EDT

Sounds like a horse. Maybe it was.
40 ms