Putter geeks and the rest of us dummies

skeets

Well-known member

Equipment
BX 2360 /B2601
Oct 2, 2009
14,191
2,852
113
SW Pa
The Heartbleed Bug
An incredibly large number of websites, email servers and virtual private networks (VPNs) use security software called OpenSSL to shield communications between your computer and their servers. When you log in to Yahoo, for example, OpenSSL prevents an attacker from intercepting the transmitted data to capture your login and password. The OpenSSL software library is a major part of what keeps much of the world’s private data safe across the web — it’s the heart of online security, if you will.

Heartbleed is a major security hole in multiple versions of OpenSSL resulting in temporary information being stored in a site’s server memory after it has been unencrypted. That server memory can be read by anyone on the Internet. The bug lets attackers sneak a peek at your login credentials and also can give them the encryption key they need to unlock any other sensitive information being stored and transmitted. It can even give hackers the ability to impersonate websites in the future using those stolen encryption keys.
http://www.techlicious.com/blog/heartbleed-security-bug-may-be-worst-ever/
 

Rob

Member
Lifetime Member

Equipment
B6000DT / B7100DP /B8200DT/L225/Globe PTO Chipper/Lewis Backhoe/huxley TR66
Nov 22, 2009
679
5
18
Leafy England....
A while back I used to run my own computer tech company offering data encryption, data recovery and data management services for a wide range of companies etc., until it got me so stressed out and I decided to make a change and have an easier life. As such, these sorts of headlines come as no surprise to me, nor do they make me run for cover and unplug my kit; I just make sure that I always keep sensitive data away from an outside link or port and never leave anything I don't want seen on my system.
Computer security is only as safe as you make it, and don't assume because you have all the latest updates on your system you are covered.
Anyway, as with all things tech there will always be problems, loopholes, cyber attacks, server insecurities etc. etc.; it is the nature of the business and will always be that way.
Now that electronic technologies control our lives to a much larger extent than before and we all rely on that technology in our everyday lives, issues like this Heartbleed bug are only going to increase, and as such we will all just deal with it and move on until the next one rears its head.

Whether it's a laptop, tablet, smartphone or PC, they can all be linked, accessed and hacked.
It's just a case of reducing the chances of attack etc.

rob
 

skeets

Now who woulda thunk you could get this sort of information and knowledge about computers on a tractor forum?
Thanks Rob, it's this kind of input from members that makes this site so interesting and insightful.
 

The_Al

Member

Equipment
L3540, Heavy duty FEL, 9' bachoe, Brush hog, 72" grappler
Jul 19, 2013
154
2
16
MA
Fortunately this is server side, but in my experience it is the worst (or most impressive depending upon your position I guess) available local buffer overflow mistake I have seen. I have spent a significant amount of time in this area of computational and security analysis and this one is bad news. The key exchange folks will make some money off of this.

In a nutshell (pretty much already mentioned in previous posts) there is a method that this protocol uses to allow for reconnecting without having to do a lot of work (it is very expensive in terms of computational needs to calculate the original exchange) every time on reconnect. So, what was implemented as an RFC (Request For Comment) and what was in the RFC unfortunately did not translate. Unfortunately sanity checking was not as clean as it could have been and that in essence allowed for the ability to "grab" passwords, etc. pretty easily.

If you want gory details I can provide, but no one likes to hear that usually (no one likes math unfortunately).