1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

OpenSSL security vulnerability

Discussion in 'BlackHat Lounge' started by ORM, Apr 12, 2014.

  1. ORM

    ORM Power Member

    Joined:
    Oct 16, 2013
    Messages:
    716
    Likes Received:
    675
    Location:
    wealth mastery
    Today some of the websites started strongly recommend to change passwords as there was OpenSSL security vulnerability found. I already experience some issues.

    More info: link
     
  2. Smart SEO

    Smart SEO Senior Member

    Joined:
    Apr 17, 2011
    Messages:
    857
    Likes Received:
    759
    Location:
    Google HQ
    Is your heart bleeding?
     
    • Thanks Thanks x 1
  3. tixpf

    tixpf Regular Member

    Joined:
    Dec 1, 2013
    Messages:
    295
    Likes Received:
    114
    I see what you did there.
     
    • Thanks Thanks x 1
  4. miedy

    miedy Senior Member

    Joined:
    May 17, 2012
    Messages:
    1,007
    Likes Received:
    463
  5. Whisker

    Whisker Moderator Staff Member Moderator Premium Member

    Joined:
    Dec 26, 2007
    Messages:
    994
    Likes Received:
    1,322
    If you just realized this today you should change all sensitive login information on your server, there's a good chance someone has pulled it.
     
  6. ORM

    ORM Power Member

    Joined:
    Oct 16, 2013
    Messages:
    716
    Likes Received:
    675
    Location:
    wealth mastery
    Obsolutely. This thread was created with intention to inform others who werent aware of that
     
    • Thanks Thanks x 1
  7. zone69

    zone69 Junior Member

    Joined:
    Nov 24, 2008
    Messages:
    196
    Likes Received:
    1,290
    You should not only change your passwords but if you run any SSL sites with the vulnerable version of openssl you should re-issue you SSL certificates with a new private key as well as patching your servers.

    It is possible that your private key has been stolen in which case the SSL communication with your site is just as good a clear text communication to someone who has your private key since they can decrypt this communication. This would mean that even if your users change their passwords, they could easily be stolen again.
     
  8. auxiliarus

    auxiliarus Regular Member

    Joined:
    Aug 4, 2013
    Messages:
    466
    Likes Received:
    232
    Location:
    Russian Federation.
    Lol, I think it's been for around 3 years already.
    Not discovered?
     
  9. auxiliarus

    auxiliarus Regular Member

    Joined:
    Aug 4, 2013
    Messages:
    466
    Likes Received:
    232
    Location:
    Russian Federation.
    Never knew we had a mod Whisker :eek:.
     
  10. micjustin33

    micjustin33 Newbie

    Joined:
    Feb 3, 2014
    Messages:
    25
    Likes Received:
    2
    This is seriously a bad bug. I will be keen to see how many companies step forward and fess up that they were vulnerable. They really have no choice and need to tell people so they can change their passwords.