http://www.neowin.net/news/openssl-affected-by-heartbleed-zero-day-vulnerabilityA new security flaw affecting OpenSSL, the popular cryptographic protocol used by many websites, has been discovered and is reported to be very serious.
According to the Heartbleed website, the zero-day vulnerability found in OpenSSL affects the stable version 1.0.1 and the 1.0.2 beta version. Older versions of OpenSSL such as 0.9.8 used in Mac OS and iOS and 1.0.0 are not vulnerable to "Heartbleed". Although the vulnerability has been addressed in OpenSSL's version 1.0.1g, it is present in prior versions up to 1.0.1f. Exploiting this flaw, hackers can obtain primary and secondary SSL keys in addition to directly hijacking data being transferred over HTTPS.
Some web companies such as CloudFlare which provides security services for other websites, have used methods recommended by OpenSSL and patched the "Heartbleed" flaw but the methods are not ready for broad deployment according to a report from ZDNet.
Open source firms Red Hat, Debian, SuSE, Canonical, and Oracle are reportedly working hard to patch the OpenSSL vulnerability in their operating systems and are expected to release the patches in 12 hours. Administrators are advised to deploy these patches for operating systems and network equipment as soon as they are made available by manufacturers and software developers.
So.. i opened up my Vertcoin wallet and i see it is vulnerable using 1.0.1'c'
Miners are also often vulnerable many use OpenSSL.
I know i have had to download and install it many times working on miner mods.
So lets see what coins are real and which are fake currency pyramid scheme clones that will not get fixed.
Only real devs will address a security concern ..if they know
how lol
First, yawn, knew about this for like two days already.
Second, I hope you're not using linux, because if you are, OpenSSL is not compiled in, it's linked to the lib on your system.
Also, miners are not vulnerable, quit spreading FUD. You don't know what you're talking about.
Oh, and even if the wallet IS vulnerable, the only way it can be exploited is through bitcoin: links or RPC SSL, and if you don't know what RPC SSL is, you're not using it.
Seems limited to the process but very dangerous nonetheless.
http://blog.existentialize.com/diagnosis-of-the-openssl-heartbleed-bug.htmlWhen I heard about it, I figured that 64KB wasn't enough to look for things like secret keys. The heap, on x86 at least, grows up, so I figured that pl would simply read into newly allocated memory, such as bp. Keys and the like would be allocated earlier, so you wouldn't be able to read them. Of course, with modern malloc implementations, this isn't always true.
And further, you won't be able to read the memory of any other process, so those "business critical documents" would need to be in memory of the process, less than 64KB, and be nearby pl.
Why does everyone think you can only read 64KB? You can only read that much using one heartbeat. By sending more, you can read an arbitrary amount of memory.
can you talk with out being an asshole ?
and what i use is of no use to this conversion but if you must know i use backtrack or khali when i use linux.
and no i don't spread FUD ever.. i spread FACTS
you do look like an idiot right now by the way because anyone that had to download the OpenSSL project binaries to work on coding a miner
is going to know exactly what i am talking about.. You know it doesn't take much to check your facts rather than running your mouth eh
so off the top of my head i will give you two examples to put your big mouth in its place and maybe next time you feel compelled to tell me off
..you can check your facts first.
example no. 1 - Cudaminer needed to use OpenSSL SHA.h in the main c file and used an alternate hashing function to support Max coin.
example no. 2 - ALL miners pretty much use LibCurl and they may depending on the dev's preferences use OpenSSL with that Library.
care to spout off some more jack ass ?
edit:
and your mouthing off and bragging you knew about the vulnerability but didn't say anything to us all ? yaaawn
sorry to bore you lol
i guess we should delete the Topic Wolf is bored right ? hahaa
you can find "the FUD" (the include) on line 38 in the file cpu-miner.c in Cudaminer version 2014-02-09
where it says..
