bit-tech.net

Old 6th Jun 2014, 10:41   #1
Gareth Halfacree
WIIGII!
bit-tech Staff
 
Join Date: Dec 2007
Location: Bradford, UK
Posts: 3,622
OpenSSL hit by another major vulnerability

Flaw dates back to the very first release.
http://www.bit-tech.net/news/bits/20...cs-injection/1
__________________
Author, Raspberry Pi User Guide, Meet the Raspberry Pi | gareth.halfacree.co.uk | twitter
bit-tech news correspondent, Custom PC columnist, other things to other people
I'm a filthy freelancer! Hire me!
Old 7th Jun 2014, 14:07   #2
SinxarKnights
Multimodder
 
Join Date: Jan 2007
Posts: 120
I personally find this to be a good thing but others may not agree. The more bugs like this that are found the better. It is unfortunate that it took such a major issue (Heartbleed) to draw attention to code corporations have been using for years without actually looking at how it works and if it is reasonably secure.

This whole debacle with OpenSSL had me wondering, why did so many large important sites/networks/corporations use something like this without inspecting the code for vulnerabilities? Did everybody just jump on the bandwagon with the assumption "Company X uses it, so it is safe"? Or are code security and encryption experts like Masashi Kikuchi so few and far between that the likelihood of one of them laying their eyes on the code is almost nil?

I can see nothing but good coming from this. Sure some people might lose faith in OpenSSL (or open source as a whole) but it will be stronger as a result.
Old 7th Jun 2014, 16:14   #3
Baguette
Multimodder
 
Join Date: Aug 2010
Posts: 79
The important thing to realise is that these issues are not easily spotted. They are not caused by a lazy this'll-do attitude. The OpenSSL project gets contributions from some really clever people, but one of the quirks of programming is that you sometimes can't predict exactly how code will work.
Big companies won't inspect the code because it is code that is already tested to be secure, and on such a large scale that spotting a new vulnerability is a very low chance, compared to the cost of testing. Some people do put money into this however, and some companies live solely to test security code!
Old 7th Jun 2014, 17:56   #4
debs3759
Was that a warranty I just broke?
 
Join Date: Oct 2011
Location: Northampton
Posts: 1,551
Things like this make me glad I'm usually skint - there's nothing for anyone to abuse/steal
Old 7th Jun 2014, 20:52   #5
forum_user
forum_title
 
Join Date: Jan 2012
Posts: 217
We need secure protection. It is too easy for me (and the world) to download Kali Linux and use the network tools to watch my neighbours' browsing habits.
Tags
ccs injection, encryption, heartbleed, insecurity, libressl, masashi kukuchi, open source, openssl, privacy, security, vulnerability
