Friam

Re: Major bug called 'Heartbleed' exposes Internet data

Posted by joshua@stigmergic.net on
URL: http://friam.383.s1.nabble.com/Fwd-Major-bug-called-Heartbleed-exposes-Internet-data-tp7585135p7585142.html

according to 
https://www.schneier.com/blog/archives/2014/04/heartbleed.html
http://security.stackexchange.com/questions/55382/heartbleed-read-only-the-next-64k-and-hyping-the-threat

apparently the bug gives access to 64K chunk of ram on the server.  The private key might be in that chunk,  but probably won’t be…  however you will get different chunks over time so if you wait long enough you might end up with a chunk that has a private key or someone’s password.

—joshua
 
On Apr 10, 2014, at 10:05 AM, Owen Densmore <[hidden email]> wrote:

Hi Barry.  How would the private keys be exposed?  The pub/priv computation is done locally, right?

BTW: All node servers are secure due to their ssl config turning off the "heartbeat" option.  NodeWeekly:
Node 0.8.x and 0.10.2+ Not Vulnerable to Heartbleed Issue  Popular Node versions aren’t exposed to the Heartbleed vulnerability as the heartbeat extension was turned off in a Node commit a year ago. Yay.
GITHUB

   -- Owen


On Thu, Apr 10, 2014 at 9:51 AM, Barry MacKichan <[hidden email]> wrote:
It is a major PITA. Certificates on affected servers (which include Amazon EC2 Linus servers) may have had their private keys exposed, so certificates have to be reissued with different keys. This is, apparently, a major bottleneck.

—Barry




On 9 Apr 2014, at 21:23, Owen Densmore wrote:

Worth knowing about:

http://www.washingtonpost.com/news/morning-mix/wp/2014/04/09/major-bug-called-heartbleed-exposes-data-across-the-internet/

Pretty serious crypto flaw.

[image: Inline image 1]
-- Owen

[image.png]

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com


============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
Free forum by Nabble Edit this page