Bitcoin Forum

Other => Meta => Topic started by: Justin00 on June 06, 2014, 12:35:40 PM



Title: Is this site affected 1 of the 6 or so new openssl vulnerabilities ?
Post by: Justin00 on June 06, 2014, 12:35:40 PM
have not had a chance to fully verify the new vulnerabilities.
hopefully theymos had ?

any chance you have been able to see if the site is vulnerable ?? from a quick glance one of them was quite serious...



Title: Re: Is this site affected 1 of the 6 or so new openssl vulnerabilities ?
Post by: Mikez on June 06, 2014, 12:41:15 PM
As far as I know, and as theymos announced, bitcointalk is not heartbleed vulnerable anymore. Have new vulnerabilities surfaced?
I used a couple of SSL checkers just now and everything seemed fine.


Title: Re: Is this site affected 1 of the 6 or so new openssl vulnerabilities ?
Post by: abacus on June 06, 2014, 05:06:12 PM
Have new vulnerabilities surfaced?
Yes, yesterday:
https://www.openssl.org/news/secadv_20140605.txt


Title: Re: Is this site affected 1 of the 6 or so new openssl vulnerabilities ?
Post by: BCwinning on June 06, 2014, 05:07:46 PM
Have new vulnerabilities surfaced?
Yes, yesterday:
https://www.openssl.org/news/secadv_20140605.txt
Those only affect systems that are affected by heartbleed. So if openssl has been upgraded from the affected version there are no issues.


Title: Re: Is this site affected 1 of the 6 or so new openssl vulnerabilities ?
Post by: abacus on June 06, 2014, 05:24:29 PM
Those only affect systems that are affected by heartbleed. So if openssl has been upgraded from the affected version there are no issues.

Oh, good to know. Then there's a bit of FUD in many articles about this news.


Title: Re: Is this site affected 1 of the 6 or so new openssl vulnerabilities ?
Post by: shorena on June 06, 2014, 05:50:13 PM
Those only affect systems that are affected by heartbleed. So if openssl has been upgraded from the affected version there are no issues.

Oh, good to know. Then there's a bit of FUD in many articles about this news.

It's FUD that this only affects systems that are affected by the heartbleed bug. One of the new bugs is in code that the same person wrote who did the mistakes in heartbleed, maybe that's where this misunderstanding comes from.
From what I read no one uses DTLS anyway. Anonymous ECDH is not used by the forum and barely any homepage for that matter because most use certificates anyway. The only thing that could affect us would be the possible MITM for Bitcoin, but then not really doing any damage AFAIK. You can MITM with Bitcoin anyway, but not get the juicy stuff (private keys).


Title: Re: Is this site affected 1 of the 6 or so new openssl vulnerabilities ?
Post by: theymos on June 06, 2014, 05:52:18 PM
The forum's OpenSSL was updated yesterday.

Those only affect systems that are affected by heartbleed. So if openssl has been upgraded from the affected version there are no issues.

No, it's unrelated to heartbleed


Title: Re: Is this site affected 1 of the 6 or so new openssl vulnerabilities ?
Post by: Justin00 on June 07, 2014, 09:48:20 AM
good man theymos.

I must apologise for any hostility I have shown towards you in the past; however I will still keep you on your toes, especially when security and what not is at stake :)



The forum's OpenSSL was updated yesterday.

Those only affect systems that are affected by heartbleed. So if openssl has been upgraded from the affected version there are no issues.

No, it's unrelated to heartbleed


Title: Re: Is this site affected 1 of the 6 or so new openssl vulnerabilities ?
Post by: Mikez on June 07, 2014, 10:05:05 AM
Here's another thread on the new vulnerabilities: https://bitcointalk.org/index.php?topic=640430


Title: Re: Is this site affected 1 of the 6 or so new openssl vulnerabilities ?
Post by: Peter882 on June 07, 2014, 10:22:08 AM
Here's another thread on the new vulnerabilities: https://bitcointalk.org/index.php?topic=640430

I believe that thread in "Development & Technical Discussion" focuses on the effects on the wallet client, while this one in "Meta" focuses on the forum itself. :)