• Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login
  • Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login

Heartbleed

Scheduled Pinned Locked Moved
General
4
4
1.6k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • J
    Jaymes Driver Developer
    last edited by Apr 9, 2014, 11:29 AM

    I found this on the net while looking through news 😞

    [url]http://www.bbc.com/news/technology-26935905[/url]

    [FONT=Arial][COLOR=#333333]The bug in OpenSSL was discovered by researchers working for Google and security firm Codenomicon.[/COLOR][/FONT]
    [FONT=Arial][COLOR=#333333]In a blog entry about their findings the researchers said the “serious vulnerability” allowed anyone to read chunks of memory in servers supposedly protected with the flawed version of OpenSSL. Via this route, attackers could get at the secret keys used to scramble data as it passes between a server and its users.[/COLOR][/FONT]
    [FONT=Arial][COLOR=#333333]“This allows attackers to eavesdrop [on] communications, steal data directly from the services and users and to impersonate services and users,” wrote the team that discovered the vulnerability. They called it the “heartbleed” bug because it occurs in the heartbeat extension for OpenSSL.[/COLOR][/FONT]
    [FONT=Arial][COLOR=#333333]The bug has been present in versions of OpenSSL that have been available for over two years. The latest version of OpenSSL released on 7 April is no longer vulnerable to the bug.[/COLOR][/FONT]

    WARNING TO USERS: My comments are written completely devoid of emotion, do not mistake my concise to the point manner as a personal insult or attack.

    1 Reply Last reply Reply Quote 0
    • T
      Tom Elliott
      last edited by Apr 9, 2014, 11:31 AM

      So a simple update will fix it!

      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

      Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

      Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

      1 Reply Last reply Reply Quote 0
      • N
        need2 Moderator
        last edited by Apr 9, 2014, 3:36 PM

        Yay updates!

        Now sadly, many users will be affected by this long term, due to OpenSSL being embedded in various network appliances and other long-life systems that companies have to pay license fees just to update. My organization narrowly missed this bug due to our equipment being in the golden age right before the versions vulnerable to Heartbleed.

        I think within the next month, most major and responsible organizations will have patched themselves against Heartbleed. But due to the wide ranging impact of an OpenSSL exploit, Heartbleed could still be leaking data for the next five years.

        1 Reply Last reply Reply Quote 0
        • W
          Wolfbane8653 Developer
          last edited by Apr 16, 2014, 5:14 PM

          wow soooo many people/companies are reporting this is in their stuff. Nice job keeping up-to-date James

          1 Reply Last reply Reply Quote 0
          • 1 / 1
          • First post
            Last post

          187

          Online

          12.2k

          Users

          17.3k

          Topics

          155.5k

          Posts
          Copyright © 2012-2024 FOG Project