Heartbleed bug - everyone knows everything
  • beano
    The no subject thread during a code dilemma was really the last place I should've posted that link.
    "Better than a tech demo. But mostly a tech demo for now. Exactly what we expected, crashes less and less. No multiplayer."
    - BnB NMS review, PS4, PC
  • beano
    Personally I am not changing any passwords unless asked. I have been, twice so far. IFTTT were the most pro-active in fixing the issue.
  • Blue Swirl
    This might help https://github.com/musalbas/heartbleed-masstest/blob/master/top1000.txt
    About the only thing I use that was on the vulnerable list was Flickr, and that's got bugger all on it now as I took all my pictures off and moved 'em all to Photobucket.

    Cheers much, I'll put this in the OP.
    For those with an open mind, wonders always await! - Kilton (monster enthusiast)
  • beano
    Everyone should two factor authenticate at this point.
  • Blue Swirl
    beano wrote:
    Everyone should two factor authenticate at this point.

    Probably a good idea, for any place you can get it.
  • Blue Swirl
    Added some more links to the OP for sys admins and anyone who runs a website.
  • beano
    OOD but look at it

    http://www.cnet.com/uk/how-to/how-to-enable-two-factor-authentication-on-popular-sites/

    Now, quiz every as-a-service you have and enable it, and if you can't, hammer the bastards as to why not, so none of us have to go through this shit again.

    Seriously, bring on the future of 1K+ RSAs that are implanted into us. Seriously, the day I am swapping, without thought, our public keys for comms will be gold.
  • beano
    Fuck, digital assurance providers, experian, essentially.
  • RSA will be useless once quantum cryptography hits.

    Speaking of which, I loved that series on codebreakers by David Singh. And Steganography is the greatest word in the English language.
    "Sometimes it's better to light a flamethrower than curse the darkness." ― Terry Pratchett
  • beano
    Russians love to steg.
  • Skerret
    The greatest word in the English language is prestidigitation.
    Skerret's posting is ok to trip balls to and read just to experience the ambience but don't expect any content.
    "I'm jealous of sucking major dick!"~ Kernowgaz
  • Skerret
    Yeah that one is good too.
  • heartbleed_explanation.png
    Thank you XKCD.
  • beano
  • Blue Swirl
    Damn, Elm beat me to it.
  • I'm not sure if this is one of those mistakes we attribute to incompetence or malice.
  • beano
    Total incompetence this, I can show you a flow chart?

    The malice: the NSA, GCHQ and whoever probably actually did more or less have this nailed for years and never bleated.
  • beano
    Although we can probably unearth the check-in and background check the lad [I mean programmer, probably male?], no doubt Google have. I wonder if they're keeping schtum, or even if there's a paper trail back to a real dev at the source?

    hashtags
  • I normally get xkcd but I have no clue what that means for my passwords
  • I normally get xkcd but I have no clue what that means for my passwords

    Beano can give you the pro answer, but my layman's understanding is that if one of the lines the thing spits back when handing out 500 letters instead of 3 is "user mistercrayon logged on with password bearandbadger" then it's obviously compromised.  Chances are it wasn't included in that, but maybe it was.

    I haven't changed anything. My Apple, Twitter, Facebook, Amazon and Google accounts all seem to use 2FA, as does my online banking... I think I'll wait for the usual "change your password" emails to come out?
  • Also, from the marvellous ExplainXKCD.com:
    The Heartbleed bug has received a lot of news coverage recently and was also the topic of the previous comic 1353: Heartbleed. This comic explains how the bug may have been discovered and can be exploited to reveal a server's memory contents.

    A hypothetical cracker Meg sends heartbeat requests to the server, the server responds to the heartbeat request by returning the contents of the body of the request up to the number of letters requested. The first two requests are well formed, requesting exactly the number of characters in the request body. The server's memory is showing Meg's request with many other requests going on at the same time.

    The last request asks for "HAT" but requests that it be 500 letters long; the server — not checking if or simply unaware that 500 letters is larger than the request body — returns "HAT" plus 497 letters that happened to be next to the word "HAT" in its memory. Included are many sensitive bits of information, including a master key and user passwords. One of the passwords shown is "CoHoBaSt", a reference to 936: Password Strength, which suggests using "correct horse battery staple" as a password.

    Often popular explanations of security bugs require the issue to be simplified a lot and to leave out a lot of details. In this case Randall didn't have to do much simplifying; the bug is actually that simple. Also, it should be noted that any client which can connect to the server typically can exploit this bug in the underlying OpenSSL software — the use of the term "User Meg" does not imply that Meg had to authenticate first.

    The title text is a reference to Are you there God? It's me, Margaret. a novel by Judy Blume, and plays off of the "server, are you still there?" line in every panel where she did start a request. Meg can be a nickname for Margaret as well as Megan, which perhaps explains why the character's usual name, Megan, is abbreviated here.
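The length check the explanation above describes (and the "500 letters instead of 3" version in the layman's post further up), as an added example that is not from this thread or from OpenSSL: a toy C model of the heartbeat handler with the missing check beside the fixed one. The arena, record layout, RECORD_LEN, the handler names and the constructed neighbouring data ("user=meg pw=CoHoBaSt ...") are all assumptions of this example, not OpenSSL's real structures.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for server memory (not real OpenSSL structures): one
 * heartbeat record at the front, then leftover data from other connections.
 * Record layout: 2-byte big-endian claimed payload length, then the payload. */
#define ARENA_SIZE 64
#define RECORD_LEN 5   /* bytes actually received: 2 length bytes + "HAT" */
static const unsigned char arena[ARENA_SIZE] =
    "\x00\x03" "HAT" "user=meg pw=CoHoBaSt master=SEKRIT";

static size_t claimed_len(const unsigned char *rec) {
    return ((size_t)rec[0] << 8) | rec[1];
}

/* Vulnerable handler: echoes as many bytes as the client claims, never checking
 * that against record_len. Capped by the arena so the demo is memory-safe, but
 * the copy still runs well past the end of the record it was given. */
size_t heartbeat_vulnerable(const unsigned char *rec, size_t record_len,
                            unsigned char *out, size_t out_cap) {
    size_t n = claimed_len(rec);
    (void)record_len;              /* the bug: never consulted */
    if (n > out_cap) n = out_cap;
    memcpy(out, rec + 2, n);
    return n;
}

/* Fixed handler, the same shape as the upstream fix: if the claimed length does
 * not fit in the bytes actually received, drop the message and send no reply. */
size_t heartbeat_fixed(const unsigned char *rec, size_t record_len,
                       unsigned char *out, size_t out_cap) {
    size_t n = claimed_len(rec);
    if (record_len < 2 || n > record_len - 2 || n > out_cap)
        return 0;
    memcpy(out, rec + 2, n);
    return n;
}

/* Build a request whose payload is the 3 bytes "HAT" but which claims `claimed`
 * bytes, run it through one handler, return the reply length; out[] is NUL-padded. */
size_t run_heartbeat(int use_fix, unsigned claimed, unsigned char out[ARENA_SIZE]) {
    unsigned char req[ARENA_SIZE];
    memcpy(req, arena, ARENA_SIZE);
    req[0] = (unsigned char)(claimed >> 8);
    req[1] = (unsigned char)(claimed & 0xff);
    memset(out, 0, ARENA_SIZE);
    return use_fix ? heartbeat_fixed(req, RECORD_LEN, out, ARENA_SIZE - 2)
                   : heartbeat_vulnerable(req, RECORD_LEN, out, ARENA_SIZE - 2);
}
```

With the comic's request (payload "HAT", claimed length 500) the vulnerable handler returns "HAT" followed by whatever sat next to it in the arena, password included, while the fixed handler returns nothing.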
  • beano
    https://haveibeenpwned.com/

    https://pwnedlist.com/query

    Check 'em. Then break yo'self fool!

    Sorry, but I'm drinking OJ in the hood here.
  • beano
  • beano wrote:
    https://haveibeenpwned.com/

    https://pwnedlist.com/query

    Check 'em. Then break yo'self fool!

    Sorry, but I'm drinking OJ in the hood here.


    Phew, thanks for those. The first one is the better IMO. The second says I have been pwned but can't give me any details, while the first says it was grabbed from Adobe. I have absolutely no sensitive data with Adobe and in fact never use the site (it was probably some kind of support sign-up thing), so all appears to be good.
    Live= sgt pantyfire    PSN= pantyfire
  • beano
    Did you set a notify? The guy running the first link will no doubt make this an ongoing thing, and also the latter. But it's best to know you're fucked so you can do something, at least at your most personal and vulnerable level, i.e. bank, Companies House, etc.

    It's great because I don't have to hunt out breached data in order to search for my details in it. I really need to get in the habit of deleting those before someone finds what appears to be a cache. Clearly I'll always hunt down breached data and check it for myself.
  • Blue Swirl
    beano wrote:

    Damn, and those 'Have I been pwned' sites said I was OK.
  • beano
    Multi-factor the fuck out of everything.

    There was a piece on why the xkcd password method was out of date; it suggested using some first-letter-from-each-word-of-a-paragraph function instead. Made me laugh.
  • beano
