Author Topic: Everyone panic: Critical OpenSSL vulnerability: the "heartbleed" bug  (Read 3165 times)


Offline vezzy

Re: Everyone panic: Critical OpenSSL vulnerability: the "heartbleed" bug
« Reply #15 on: April 08, 2014, 08:26:16 pm »
We can't really tell. The bug was a missing bounds check, so it could very easily be written off as incompetence. Memory-unsafe languages like C are notoriously hard to get completely right, anyway.

And yeah, all distros are pushing package upgrades. Security bugs always warrant it, anyway.
Quote from: Dippy hippy
Just brushing though. I will be semi active mainly came to find a HQ botnet, like THOR or just any p2p botnet
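
The post above attributes the bug to a missing bounds check. As an added illustration (not part of the original thread and not OpenSSL's code), here is a simplified heartbeat echo handler that follows the RFC 6520 message layout with the length check in place; the function, constant and buffer names are hypothetical and the sample records are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_HEADER   3   /* 1-byte type + 2-byte payload_length */
#define HB_MIN_PAD  16  /* RFC 6520 requires at least 16 padding bytes */

/* Constructed sample records (not captured traffic): 23 bytes each on the wire. */
static const uint8_t HB_OK[23]         = {HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g'};
static const uint8_t HB_OVERSTATED[23] = {HB_REQUEST, 0x40, 0x00, 'p', 'i', 'n', 'g'};
static uint8_t HB_OUT[64];              /* scratch buffer for the reply */

/* Echo a heartbeat request into out. rec_len is the number of bytes actually
 * received. Returns the reply length, or -1 when the record must be dropped. */
long hb_build_response(const uint8_t *rec, size_t rec_len,
                       uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HEADER + HB_MIN_PAD || rec[0] != HB_REQUEST)
        return -1;                      /* too short to be a heartbeat request */

    size_t claimed = ((size_t)rec[1] << 8) | rec[2];

    /* The bounds check: the sender-supplied length must fit inside the bytes
     * we really hold. Without it, the memcpy below reads past the record. */
    if (HB_HEADER + claimed + HB_MIN_PAD > rec_len)
        return -1;

    size_t reply_len = HB_HEADER + claimed + HB_MIN_PAD;
    if (reply_len > out_cap)
        return -1;

    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed);
    memset(out + HB_HEADER + claimed, 0, HB_MIN_PAD); /* real stacks use random padding */
    return (long)reply_len;
}

int main(void)
{
    printf("well-formed: %ld\n", hb_build_response(HB_OK, sizeof HB_OK, HB_OUT, sizeof HB_OUT));
    printf("overstated:  %ld\n", hb_build_response(HB_OVERSTATED, sizeof HB_OVERSTATED, HB_OUT, sizeof HB_OUT));
    return 0;
}
```

The second record claims a 16384-byte payload inside a 23-byte record, so the handler drops it instead of echoing adjacent memory.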

Offline kenjoe41

Re: Everyone panic: Critical OpenSSL vulnerability: the "heartbleed" bug
« Reply #16 on: April 08, 2014, 08:40:11 pm »
Dude that was massive, I guess I better change my 6 char* password to something longer. Good thing I didn't waste your time at cracking it with some other serious technique.

Seriously, it would be wise if you guys change your passwords cos this has exposed a lot of us.
If you can't explain it to a 6 year old, you don't understand it yourself.

Offline Satan911

Satan911
Evilzone Network Administrator

Offline iTpHo3NiX

Re: Everyone panic: Critical OpenSSL vulnerability: the "heartbleed" bug
« Reply #18 on: April 09, 2014, 01:24:57 am »
Quote from: kenjoe41
Dude that was massive, I guess I better change my 6 char* password to something longer. Good thing I didn't waste your time at cracking it with some other serious technique.

Seriously, it would be wise if you guys change your passwords cos this has exposed a lot of us.

Well some of us use different passwords and usernames on a barrage of different sites
[09:27] (+lenoch) iTpHo3NiX can even manipulate me to suck dick
[09:27] (+lenoch) oh no that's voluntary
[09:27] (+lenoch) sorry

Offline lucid

Re: Everyone panic: Critical OpenSSL vulnerability: the "heartbleed" bug
« Reply #19 on: April 09, 2014, 03:49:13 am »
For those of you Arch users, they've pushed out the fixed OpenSSL.
"Hacking is at least as much about ideas as about computers and technology. We use our skills to open doors that should never have been shut. We open these doors not only for our own benefit but for the benefit of others, too." - Brian the Hacker

Quote
15:04  @Phage : I'm bored of Python


Offline proxx

Re: Everyone panic: Critical OpenSSL vulnerability: the "heartbleed" bug
« Reply #21 on: April 09, 2014, 10:18:03 am »
Metasploit Module for HeartBleed bug
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/ssl/openssl_heartbleed.rb
I was waiting for that :)
Couldn't find it this morning, those guys are fast.
<3 seashells.
Wtf were you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage

Offline Pillus

Re: Everyone panic: Critical OpenSSL vulnerability: the "heartbleed" bug
« Reply #22 on: April 09, 2014, 03:29:28 pm »
Aaaand here is the nmap NSE script, which makes it even easier :)
http://seclists.org/nmap-dev/2014/q2/att-27/ssl-heartbleed.nse

Offline voodoo

Re: Everyone panic: Critical OpenSSL vulnerability: the "heartbleed" bug
« Reply #23 on: April 11, 2014, 02:36:37 am »
Quote from: lucid
For those of you Arch users, they've pushed out the fixed OpenSSL.

Noticed and updated immediately.
keep it simple

Offline neusbeer

Re: Everyone panic: Critical OpenSSL vulnerability: the "heartbleed" bug
« Reply #24 on: April 11, 2014, 02:41:54 pm »
oef..pretty nasty bug indeed..
took 5 sec. to get a sessionid from a site and to log in.
--Neusbeer

Offline proxx

Re: Everyone panic: Critical OpenSSL vulnerability: the "heartbleed" bug
« Reply #25 on: April 11, 2014, 02:50:05 pm »

Offline ande

Re: Everyone panic: Critical OpenSSL vulnerability: the "heartbleed" bug
« Reply #26 on: April 11, 2014, 06:10:46 pm »
@proxx, saw it on fb, loved it x)

I would like to point out that, unless you have JavaScript disabled, your Evilzone passwords are sent hashed from your browser to our servers. That only makes them secret tho, not unusable. But ofc sessions could have been stolen, tho they are less permanent.
if($statement) { unless(!$statement) { // Very sure } }
https://evilzone.org/?hack=true

Offline iTpHo3NiX

Re: Everyone panic: Critical OpenSSL vulnerability: the "heartbleed" bug
« Reply #27 on: April 11, 2014, 09:25:06 pm »
OpenSSL Heartbleed bug http://9gag.com/gag/a756d3z

Posted on le gag that is 9

Offline Stackprotector

~Factionwars

Offline 0poitr

Re: Everyone panic: Critical OpenSSL vulnerability: the "heartbleed" bug
« Reply #29 on: April 12, 2014, 05:44:53 pm »
aaand something interesting here as well
http://blog.cloudflare.com/answering-the-critical-question-can-you-get-private-ssl-keys-using-heartbleed

They put up an open challenge to exploit and get the private keys off a vulnerable server.
« Last Edit: April 12, 2014, 05:46:29 pm by 0poitr »
Imagination is the first step towards Creation.