Jump to content

Two thirds of all SSL connections might as well be unencrypted


Streetwind

Recommended Posts

Good afternoon internet! Have you recently entered a password? Anywhere? At any site? You might want to consider changing that soon...

http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/

TL;DR: a serious security issue in OpenSSL was announced today, dubbed "Heartbleed". For the past two years, it has been possible for an attacker to read out plain private keys, usernames, emails, passwords and other such information from the TLS heartbeat. This attack leaves no trace on the affected server and could be performed indefinitely often.

About 66% of all secure connections on the entire internet today rely on this vulnerable version of OpenSSL.

A fix has been provided together with the announcement, but due to the untraceable attack, nobody has any idea of the magnitude at which this was exploited, or or who used it and since when. This has potential to be one of the single biggest security breaches to ever exist.

Edited by Streetwind
Link to comment
Share on other sites

Yeah, I saw an article on it today. Decided to put off paying a bunch of bills this evening. Partly this, partly coz lazy.

It's pretty bad, but you don't get to choose the data that is leaked out. However, in time it seems you can get any and everything. Including the server certificates!

Link to comment
Share on other sites

This thread is quite old. Please consider starting a new thread rather than reviving this one.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...