Author Topic: Everyone panic: Critical OpenSSL vulnerability: the "heartbleed" bug  (Read 3170 times)

0 Members and 3 Guests are viewing this topic.

Offline vezzy

  • Royal Highness
  • ****
  • Posts: 771
  • Cookies: 172
    • View Profile
Re: Everyone panic: Critical OpenSSL vulnerability: the "heartbleed" bug
« Reply #15 on: April 08, 2014, 08:26:16 pm »
We can't really tell. The bug was a missing bounds check, so it could very easily be written off as incompetence. Memory-unsafe languages like C are notoriously hard to get completely right, anyway.

And yeah, all distros are pushing package upgrades. Security bugs always warrant it, anyway.
Quote from: Dippy hippy
Just brushing though. I will be semi active mainly came to find a HQ botnet, like THOR or just any p2p botnet

Offline kenjoe41

  • Symphorophiliac Programmer
  • Administrator
  • Baron
  • *
  • Posts: 990
  • Cookies: 224
    • View Profile
Re: Everyone panic: Critical OpenSSL vulnerability: the "heartbleed" bug
« Reply #16 on: April 08, 2014, 08:40:11 pm »
Dude that was massive, i guess i better change my 6 char* password to something longer. Good thing i didn't waste your time at cracking it with some other serious technique.

Seriously, it would be wise if you guys change your passwords cos this has exposed alot of us.
If you can't explain it to a 6 year old, you don't understand it yourself.
http://upload.alpha.evilzone.org/index.php?page=img&img=GwkGGneGR7Pl222zVGmNTjerkhkYNGtBuiYXkpyNv4ScOAWQu0-Y8[<NgGw/hsq]>EvbQrOrousk[/img]

Offline Satan911

  • VIP
  • Knight
  • *
  • Posts: 289
  • Cookies: 25
  • Retired god/admin
    • View Profile
Satan911
Evilzone Network Administrator

Offline iTpHo3NiX

  • EZ's Pirate Captain
  • Administrator
  • Titan
  • *
  • Posts: 2920
  • Cookies: 328
    • View Profile
    • EvilZone
Re: Everyone panic: Critical OpenSSL vulnerability: the "heartbleed" bug
« Reply #18 on: April 09, 2014, 01:24:57 am »
Dude that was massive, i guess i better change my 6 char* password to something longer. Good thing i didn't waste your time at cracking it with some other serious technique.

Seriously, it would be wise if you guys change your passwords cos this has exposed alot of us.

Well some of us use different passwords and usernames on a barrage of different sites
[09:27] (+lenoch) iTpHo3NiX can even manipulate me to suck dick
[09:27] (+lenoch) oh no that's voluntary
[09:27] (+lenoch) sorry

Offline lucid

  • #Underground
  • Titan
  • **
  • Posts: 2683
  • Cookies: 243
  • psychonaut
    • View Profile
Re: Everyone panic: Critical OpenSSL vulnerability: the "heartbleed" bug
« Reply #19 on: April 09, 2014, 03:49:13 am »
For those of you Arch users they've pushed out the fixed openssl.
"Hacking is at least as much about ideas as about computers and technology. We use our skills to open doors that should never have been shut. We open these doors not only for our own benefit but for the benefit of others, too." - Brian the Hacker

Quote
15:04  @Phage : I'm bored of Python


Offline proxx

  • Avatarception
  • Global Moderator
  • Titan
  • *
  • Posts: 2803
  • Cookies: 256
  • ФФФ
    • View Profile
Re: Everyone panic: Critical OpenSSL vulnerability: the "heartbleed" bug
« Reply #21 on: April 09, 2014, 10:18:03 am »
Metasploit Module for HeartBleed bug
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/ssl/openssl_heartbleed.rb
I was waiting for that :)
Couldnt find it this morning, those guys are fast.
<3 seashells.
Wtf where you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage

Offline Pillus

  • Serf
  • *
  • Posts: 21
  • Cookies: 2
  • RTFM
    • View Profile
    • ChaseNET
Re: Everyone panic: Critical OpenSSL vulnerability: the "heartbleed" bug
« Reply #22 on: April 09, 2014, 03:29:28 pm »
Aaaand here is the nmap NSE script, which makes it even easier :)
http://seclists.org/nmap-dev/2014/q2/att-27/ssl-heartbleed.nse

Offline voodoo

  • Serf
  • *
  • Posts: 42
  • Cookies: 4
  • Try Harder
    • View Profile
    • Security Voodoo
Re: Everyone panic: Critical OpenSSL vulnerability: the "heartbleed" bug
« Reply #23 on: April 11, 2014, 02:36:37 am »
For those of you Arch users they've pushed out the fixed openssl.

Noticed and updated immediately.
keep it simple

Offline neusbeer

  • Knight
  • **
  • Posts: 223
  • Cookies: 11
  • Beer makes you stronger XD
    • View Profile
    • http://www.facebook.nl/hackneus
Re: Everyone panic: Critical OpenSSL vulnerability: the "heartbleed" bug
« Reply #24 on: April 11, 2014, 02:41:54 pm »
oef..pretty nasty bug indeed..
took 5 sec. to get a sessionid from a site and to log in.
--Neusbeer

Offline proxx

  • Avatarception
  • Global Moderator
  • Titan
  • *
  • Posts: 2803
  • Cookies: 256
  • ФФФ
    • View Profile
Re: Everyone panic: Critical OpenSSL vulnerability: the "heartbleed" bug
« Reply #25 on: April 11, 2014, 02:50:05 pm »
Wtf where you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage

Offline ande

  • Owner
  • Titan
  • *
  • Posts: 2664
  • Cookies: 256
    • View Profile
Re: Everyone panic: Critical OpenSSL vulnerability: the "heartbleed" bug
« Reply #26 on: April 11, 2014, 06:10:46 pm »
@proxx, saw it on fb, loved it x)

I would like to point out that, unless you have javascript disabled, your Evilzone passwords are sent hashed from your browser to our servers. That only makes them secret tho, not unusable. But ofc sessions could have been stolen, tho they are less permanent.
if($statement) { unless(!$statement) { // Very sure } }
https://evilzone.org/?hack=true

Offline iTpHo3NiX

  • EZ's Pirate Captain
  • Administrator
  • Titan
  • *
  • Posts: 2920
  • Cookies: 328
    • View Profile
    • EvilZone
Re: Everyone panic: Critical OpenSSL vulnerability: the "heartbleed" bug
« Reply #27 on: April 11, 2014, 09:25:06 pm »
OpenSSL Heartbleed bug http://9gag.com/gag/a756d3z

Posted on le gag that is 9
[09:27] (+lenoch) iTpHo3NiX can even manipulate me to suck dick
[09:27] (+lenoch) oh no that's voluntary
[09:27] (+lenoch) sorry

Offline Stackprotector

  • Administrator
  • Titan
  • *
  • Posts: 2515
  • Cookies: 205
    • View Profile
~Factionwars

Offline 0poitr

  • Peasant
  • *
  • Posts: 149
  • Cookies: 64
    • View Profile
Re: Everyone panic: Critical OpenSSL vulnerability: the "heartbleed" bug
« Reply #29 on: April 12, 2014, 05:44:53 pm »
aaand something interesting here as well
http://blog.cloudflare.com/answering-the-critical-question-can-you-get-private-ssl-keys-using-heartbleed

They put up a open challenge to exploit and get the private keys off a vulnerable server.
« Last Edit: April 12, 2014, 05:46:29 pm by 0poitr »
Imagination is the first step towards Creation.