Previous Thread
Next Thread
Print Thread
Hop To
Scramble to fix huge 'heartbleed' security bug #255302 04/10/2014 4:01 AM
Joined: Jul 2006
Posts: 4,062
Mark S Offline OP
OP Offline
Joined: Jul 2006
Posts: 4,062
http://www.bbc.co.uk/news/technology-26935905

And how to check

http://stackoverflow.com/questions/...ssl-and-mod-ssl-are-installed-on-apache2

Not sure which is the None Bug version ?
Just wanted to pass on something i only heard about today.


The bug has been present in versions of OpenSSL that have been available for over two years. The latest version of OpenSSL released on 7 April is no longer vulnerable to the bug.

"Considering the long exposure, ease of exploitation and attacks leaving no trace this exposure should be taken seriously," wrote the researchers.

Installing an updated version of OpenSSL did not necessarily mean people were safe from attack, said the team. If attackers have already exploited it they could have stolen encryption keys, passwords or other credentials required to access a server, they said.

Full protection might require updating to the safer version of OpenSSL as well as getting new security certificates and generating new encryption keys. To help people check their systems some security researchers have produced tools that help people work out if they are running vulnerable versions of OpenSSL.
http://www.bbc.co.uk/news/technology-26935905



BOOM !! Version v7.6.1.1
People who inspire me Isaac ME Gizmo
Re: Scramble to fix huge 'heartbleed' security bug [Re: Mark S] #255319 04/12/2014 3:02 AM
Joined: Jul 2006
Posts: 4,062
Mark S Offline OP
OP Offline
Joined: Jul 2006
Posts: 4,062
http://heartbleed.com/

check your version you may not be effected smile

What versions of the OpenSSL are affected?

Status of different versions:

OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
OpenSSL 1.0.1g is NOT vulnerable
OpenSSL 1.0.0 branch is NOT vulnerable
OpenSSL 0.9.8 branch is NOT vulnerable
Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.


BOOM !! Version v7.6.1.1
People who inspire me Isaac ME Gizmo
Re: Scramble to fix huge 'heartbleed' security bug [Re: Mark S] #255324 04/12/2014 3:38 PM
Joined: Jun 2006
Posts: 15,852
Gizmo Offline
UBB.threads Developer
Offline
UBB.threads Developer
Joined: Jun 2006
Posts: 15,852
I use CloudFlare as a CDN and they patched all of their SSL servers a week prior to the "oh crap the worlds ending" announcement.


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Need to Upgrade?
Forums: A Gardeners Forum Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!

Forum Search
ShoutChat Box
Comment Guidelines: Do post respectful and insightful comments. Don't flame, hate, spam.
Recent Topics
Mobile app?
by Baldeagle - 12/06/2019 9:32 PM
How do you change Text Line spacing?
by jorb - 11/23/2019 12:14 AM
What happened to FAQ or Forum Help
by Ruben - 11/20/2019 11:58 AM
Search feature encountering an Error message
by jorb - 11/20/2019 12:06 AM
UBB Dev
by JAISP - 11/03/2019 11:01 AM
Who's Online Now
0 registered members (), 69 guests, and 401 spiders.
Key: Admin, Global Mod, Mod
Random Gallery Image
Latest Gallery Images
Artistic structures
Artistic structures
by isaac, August 29
Stones
Stones
by isaac, August 19
Amusing Terain Scenics
Amusing Terain Scenics
by isaac, August 19
Sky places
Sky places
by isaac, August 19
Powered by UBB.threads™ PHP Forum Software 7.7.4
(Snapshot build 20191023)