Editing Talk:1353: Heartbleed
Please sign your posts with ~~~~ |
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.
The edit can be undone.
Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 1: | Line 1: | ||
− | |||
− | |||
I added a transcript, if I messed up on anything, I'm sorry! [[Special:Contributions/173.245.55.73|173.245.55.73]] 06:08, 9 April 2014 (UTC) | I added a transcript, if I messed up on anything, I'm sorry! [[Special:Contributions/173.245.55.73|173.245.55.73]] 06:08, 9 April 2014 (UTC) | ||
:Thanks for the transcript! (nothing seems messed up) [[Special:Contributions/141.101.88.206|141.101.88.206]] 06:41, 9 April 2014 (UTC) | :Thanks for the transcript! (nothing seems messed up) [[Special:Contributions/141.101.88.206|141.101.88.206]] 06:41, 9 April 2014 (UTC) | ||
Line 10: | Line 8: | ||
I'd just like to take this moment to say that even though you probably don't have anything of value stored here, Explain xkcd is good on the Heartbleed front. Not using any of the affected software because the data we handle isn't private at all probably helps with that. And yes, Mediawiki hashes your passwords before they're sent. '''[[User:Davidy22|<u>{{Color|#707|David}}<font color=#070 size=3>y</font></u><font color=#508 size=4>²²</font>]]'''[[User talk:Davidy22|<tt>[talk]</tt>]] 07:18, 9 April 2014 (UTC) | I'd just like to take this moment to say that even though you probably don't have anything of value stored here, Explain xkcd is good on the Heartbleed front. Not using any of the affected software because the data we handle isn't private at all probably helps with that. And yes, Mediawiki hashes your passwords before they're sent. '''[[User:Davidy22|<u>{{Color|#707|David}}<font color=#070 size=3>y</font></u><font color=#508 size=4>²²</font>]]'''[[User talk:Davidy22|<tt>[talk]</tt>]] 07:18, 9 April 2014 (UTC) | ||
− | |||
− | |||
Have the following from [http://www.openssl.org/news/secadv_20140407.txt OpenSSL Bug Report] | Have the following from [http://www.openssl.org/news/secadv_20140407.txt OpenSSL Bug Report] | ||
Should this be incorperated into the main explanation, and how should it be formated | Should this be incorperated into the main explanation, and how should it be formated | ||
[[User:Jonv4n|Jonv4n]] ([[User talk:Jonv4n|talk]]) 08:07, 9 April 2014 (UTC) | [[User:Jonv4n|Jonv4n]] ([[User talk:Jonv4n|talk]]) 08:07, 9 April 2014 (UTC) | ||
+ | ---- | ||
+ | |||
OpenSSL Security Advisory [07 Apr 2014] | OpenSSL Security Advisory [07 Apr 2014] | ||
+ | ======================================== | ||
+ | |||
TLS heartbeat read overrun (CVE-2014-0160) | TLS heartbeat read overrun (CVE-2014-0160) | ||
+ | ========================================== | ||
A missing bounds check in the handling of the TLS heartbeat extension can be | A missing bounds check in the handling of the TLS heartbeat extension can be | ||
Line 34: | Line 35: | ||
1.0.2 will be fixed in 1.0.2-beta2. | 1.0.2 will be fixed in 1.0.2-beta2. | ||
+ | |||
+ | ---- | ||
+ | |||
:Actually, attack is limited to data in memory of the webserver PROCESS. Even on affected computers, other applications are safe and most of disk content is safe. Not speaking about the fact that in many cases, the public-facing webserver is just proxy cache before the real ones. The real problem is if someone immediately used the revealed data - either to impersonate the server or for example found the admin password and used it to copy the database ... which DOES leave traces. I agree with Cueball: there can be worse kind of bug. In fact, I'm sure that what Edward Snowden revealed is worse, although not technically bug. -- [[User:Hkmaly|Hkmaly]] ([[User talk:Hkmaly|talk]]) 10:18, 9 April 2014 (UTC) | :Actually, attack is limited to data in memory of the webserver PROCESS. Even on affected computers, other applications are safe and most of disk content is safe. Not speaking about the fact that in many cases, the public-facing webserver is just proxy cache before the real ones. The real problem is if someone immediately used the revealed data - either to impersonate the server or for example found the admin password and used it to copy the database ... which DOES leave traces. I agree with Cueball: there can be worse kind of bug. In fact, I'm sure that what Edward Snowden revealed is worse, although not technically bug. -- [[User:Hkmaly|Hkmaly]] ([[User talk:Hkmaly|talk]]) 10:18, 9 April 2014 (UTC) | ||
: Hkmaly -- Completely agree. Posted a [http://security.stackexchange.com/questions/55270/does-xkcd-com-1353-overstate-heartbleeds-capability similar discussion] at security.stackexchange.com and altered the text here to describe heartbleed in more detail. [[User:Jimbob|Jimbob]] ([[User talk:Jimbob|talk]]) 21:33, 9 April 2014 (UTC) | : Hkmaly -- Completely agree. Posted a [http://security.stackexchange.com/questions/55270/does-xkcd-com-1353-overstate-heartbleeds-capability similar discussion] at security.stackexchange.com and altered the text here to describe heartbleed in more detail. [[User:Jimbob|Jimbob]] ([[User talk:Jimbob|talk]]) 21:33, 9 April 2014 (UTC) | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− |