sj2199 (OP)
|
|
April 22, 2014, 06:36:07 AM |
|
Can someone explain the Heartbleed bug to me? What is it? Why is it considered a big threat to internet security?
|
|
|
|
|
Light
|
|
April 22, 2014, 07:04:05 AM |
|
The heartbleed bug isn't exactly easy to understand (from a technical perspective) but in layman's terms it was a flaw in OpenSSL (which is used widely) that enabled attackers to gain access to 64kB of memory with each 'heartbeat' which allowed theft of servers' private keys and users' session cookies and passwords. Hence the suggestion to change your password - as it may be compromised.
|
|
|
|
HCLivess
Legendary
Offline
Activity: 2114
Merit: 1090
=== NODE IS OK! ==
|
|
April 22, 2014, 12:05:14 PM |
|
It is easy to explain the heartbleed bug:
You ask the server for a variable, the variable uses a 6-character-long string, but you request e.g. 600 characters instead and get much more than you should.
|
|
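The length mismatch described in the post above, as an added example that is not part of any forum post and is not OpenSSL's code: a toy heartbeat handler that trusts the length field in the message, next to one that checks it against the bytes actually received and silently discards the message, as RFC 6520 requires. The arena layout, the function names and the sample strings are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR 3       /* 1 byte type + 2 byte claimed payload length */
#define PADDING 16  /* minimum padding required by RFC 6520 */
#define ARENA 96    /* constructed stand-in for the server's memory */
static uint8_t arena[ARENA];

/* Put a heartbeat request at the start of the arena, with constructed
   "other data" right behind it. Returns the real received length. */
size_t build_request(const char *payload, uint16_t claimed_len) {
    size_t real = strlen(payload), record_len = HDR + real + PADDING;
    const char *other = "CONSTRUCTED-SESSION-COOKIE";
    memset(arena, 0, ARENA);
    arena[0] = 1;                              /* heartbeat_request */
    arena[1] = (uint8_t)(claimed_len >> 8);    /* length is big-endian */
    arena[2] = (uint8_t)(claimed_len & 0xff);
    memcpy(arena + HDR, payload, real);
    memcpy(arena + record_len, other, strlen(other));
    return record_len;
}

/* Pre-fix behaviour: echo as many bytes as the message claims to hold. */
size_t respond_unchecked(size_t record_len, uint8_t *out, size_t out_cap) {
    (void)record_len;                          /* never consulted: the bug */
    size_t claimed = ((size_t)arena[1] << 8) | arena[2];
    if (claimed > ARENA - HDR) claimed = ARENA - HDR; /* keep demo in bounds */
    if (claimed > out_cap) claimed = out_cap;
    memcpy(out, arena + HDR, claimed);
    return claimed;
}

/* Fixed behaviour: the claim must fit inside what was really received,
   otherwise the message is dropped without any reply. */
size_t respond_checked(size_t record_len, uint8_t *out, size_t out_cap) {
    size_t claimed = ((size_t)arena[1] << 8) | arena[2];
    if (HDR + claimed + PADDING > record_len) return 0;
    if (claimed > out_cap) return 0;
    memcpy(out, arena + HDR, claimed);
    return claimed;
}

int main(void) {
    uint8_t out[128];
    size_t n = build_request("potato", 600);   /* 6 bytes sent, 600 claimed */
    printf("unchecked reply: %zu bytes\n", respond_unchecked(n, out, sizeof out));
    printf("checked reply:   %zu bytes\n", respond_checked(n, out, sizeof out));
    return 0;
}
```

The unchecked reply contains the 6-byte payload, the padding, and then the neighbouring constructed cookie; the checked handler returns nothing for the same request and still answers an honest one.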
|
|
rohnearner
|
|
April 22, 2014, 02:05:20 PM |
|
It is easy to explain the heartbleed bug:
You ask the server for a variable, the variable uses a 6-character-long string, but you request e.g. 600 characters instead and get much more than you should.
Believe me, I know what the Heartbleed bug is, and you explained it at a simple level, but the problem is this explanation won't work if the person doesn't know what a variable is, how the client-server model works, etc. So if someone asks me what the Heartbleed bug is, I just tell them it's a vulnerability found in OpenSSL, then I explain to them what OpenSSL is, then I explain to them what a server is and what encryption is. And when I look at their faces at the end of the explanation, I just tell them "Just change your passwords".
|
|
|
|
Foxpup
Legendary
Offline
Activity: 4532
Merit: 3183
Vile Vixen and Miss Bitcointalk 2021-2023
|
|
April 23, 2014, 12:00:34 AM |
|
The heartbleed bug isn't exactly easy to understand (from a technical perspective)
Yes, it is:
|
|
|
|
mamichula
|
|
April 23, 2014, 07:11:29 AM |
|
It's considered a big threat because 2/3 of the websites on the internet use the software.
|
|
|
|
Swordsoffreedom
Legendary
Offline
Activity: 2940
Merit: 1135
Leading Crypto Sports Betting & Casino Platform
|
|
April 23, 2014, 07:45:59 AM |
|
It's considered a big threat because 2/3 of the websites on the internet use the software.
Pretty much this, and basically it allows people to send an inquiry question and then have the server tell them the dirty little secrets as its reply. Refer to the image above.
|
|
|
|
Equate
|
|
April 23, 2014, 08:01:06 AM |
|
Not only do users need to change their passwords, but websites also need to fix the bug. And this bug is constantly being exploited, as you can see in the security news.
|
|
|
|
nthunder
Newbie
Offline
Activity: 50
Merit: 0
|
|
April 25, 2014, 07:02:43 PM |
|
It's overrated. Journalists got jiggly because they actually got something to write about but it's far less severe than they make it sound. The vast majority of servers were already patched when the news came out. Don't sweat it.
|
|
|
|
RodeoX
Legendary
Offline
Activity: 3066
Merit: 1147
The revolution will be monetized!
|
|
April 25, 2014, 07:11:22 PM |
|
That cartoon does a pretty good job of explaining it.
|
|
|
|
Equate
|
|
April 25, 2014, 07:16:40 PM |
|
A Metasploit module for Heartbleed is already available, making its exploitation easy.
|
|
|
|
roslinpl
Legendary
Offline
Activity: 2212
Merit: 1199
|
|
April 25, 2014, 09:36:06 PM |
|
The heartbleed bug isn't exactly easy to understand (from a technical perspective)
Yes, it is:
Hue hue. Good one. That's the point. I cannot believe this bug ever came out... Crazy security fail.
|
|
|
|
pekv2
|
|
April 25, 2014, 09:39:09 PM |
|
Soon, a liverleakbleed bug will be found. Who knows how many more of these things are still in the wild.
|
|
|
|
|