10 years ago
Heartbleed: Serious OpenSSL zero day vulnerability revealed
A new OpenSSL vulnerability has shown up and some companies are annoyed that the bug was revealed before patches could be delivered for it.
Continue Reading http://www.zdnet.com
This is a viciously serious SSL bug that will ruin your day. Here's what it looks like:
(normal login experience)
* Normal User: "I want to log in. Here's my encrypted login information"
* Server: (unwraps the encrypted login information)
* Server: "OK, Normal User, you can log in"
* Normal User: "Yay, I logged in"
(heartbleed bug experience)
* Normal User: "I want to log in. Here's my encrypted login information"
* Server: (unwraps the encrypted login information)
* Attacker: "Hi"
* Server: (quietly sends Normal User's login information to Attacker)
* Server: "OK, Normal User, you can log in"
* Normal User: "Yay, I logged in"
This is a super critical bug. I was able to snag a user's login information on a public website and could easily log in as him. It's that dangerous. More information here:
http://heartbleed.com
http://www.reddit.co.../the_heartbleed_bug/
Ohh shit, that's serious! Checking this out right now...
Same here and passing it on.