
    Urgent - System Updates - System Updates

    • wrapper
      wrapper Moderators last edited by

      In case you haven’t heard.

      HEARTBLEED SSL vulnerability

      Just watching Tech Snap about the details of the SSL exploit in “Heartbeat SSL session linker / extender”.

      It is urgent to do a system update of any pools, mining equipment, web sites or exchanges.

      This SSL vulnerability is easily exploited and critical to security. It is urgent and essential to patch your systems.

      Feathercoin 0.8.6.1 - Hard Fork Update, inc. Heartbeat fix.

      It would be advisable to prepare for the Feathercoind update 0.8.6.1. Although a point release, it contains major changes to Feathercoin transaction block frequency and other security updates, including updated SSL libraries.

      Watch out for the Feathercoind 0.8.6.1 release announcement soon.

      Re:

      Patching GNU/Linux Kernel

      http://www.digitaltrends.com/computing/how-to-update-ubuntu-plug-heartbleed-openssl-flaw/

      Re: SSL Heartbeat

      http://www.jupiterbroadcasting.com/54907/ssl-heartbreak-techsnap-157/

      • wrapper
        wrapper Moderators last edited by

        The Heartbleed bug

        On New Year’s Eve 2011, German researcher and OpenSSL contributor Robin Seggelmann added code implementing a new feature called “heartbeats”.

        The idea was straightforward: if a connection between two computers stays silent for too long, it is disconnected, so periodic “heartbeat” messages can keep the connection going.

        As well as a simple “I’m here”, messages contain an arbitrary “payload” which is sent back and forth, a little like this:

        Computer 1: “Hi, I’m still here, the payload is 5 characters long and is ‘12345’.”

        Computer 2: “Hi, great, you’re still there, and your payload was 5 characters long and was ‘12345’.”

        Unfortunately, Seggelmann’s code didn’t check that the payload was of the indicated length, so a malicious request could request more data than was in the payload:

        Computer 1: “Hi, I’m still here, the payload is 50,000 characters long and is ‘12345’.”

        Computer 2 would then send back a message with a payload of the requested length, the first characters of which would be the 12345 sent. The rest would be whatever happened to be in the computer’s memory next to the payload.

        The exact contents sent back varied between systems and over time. But as well as information such as user passwords or private data, it could contain something called the private master key.

        With access to this key, an “attacker” can electronically impersonate the organisation who rightfully owns the key, and unscramble all the private messages sent to that organisation, including old ones, if they’ve kept the previously unreadable scrambled versions.

        Criminals could, for instance, steal the key of a major bank and then electronically impersonate it. It’s a potential field day for spies, too.

        Ref:

        http://phys.org/news/2014-04-heartbleed-bug-reveals-flaw-online.html

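The missing length check described in the post above, modelled in C as an added example (not part of the original posts and not OpenSSL's code). It assumes the RFC 6520 heartbeat layout (1-byte type, 2-byte length, payload, at least 16 bytes of padding); the function names, the 64-byte arena and the neighbouring data are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR     3u   /* 1-byte type + 2-byte big-endian payload length */
#define MIN_PAD 16u  /* minimum padding per RFC 6520 */
#define ARENA   64u  /* constructed stand-in for process memory */

/* Constructed request carrying "12345" but claiming `claimed` bytes, with
 * unrelated data placed right behind it. Returns the real record length. */
size_t build_request(uint8_t mem[ARENA], uint16_t claimed)
{
    static const char neighbour[] = "CONSTRUCTED-NEIGHBOUR-DATA";
    memset(mem, 0, ARENA);
    mem[0] = 1;                               /* heartbeat_request */
    mem[1] = (uint8_t)(claimed >> 8);
    mem[2] = (uint8_t)(claimed & 0xff);
    memcpy(mem + HDR, "12345", 5);            /* bytes 8..23 stay as padding */
    memcpy(mem + 24, neighbour, sizeof neighbour);
    return HDR + 5 + MIN_PAD;                 /* 24 bytes really arrived */
}

/* Unchecked: trusts the length field, as described in the post above.
 * Demo only: claimed must stay below ARENA - HDR so the read stays in mem. */
size_t echo_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out)
{
    (void)rec_len;                            /* never consulted */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    memcpy(out, rec + HDR, claimed);          /* runs past the record */
    return claimed;
}

/* Checked: discard the message unless header + claimed payload + minimum
 * padding fit inside the bytes that actually arrived. */
size_t echo_checked(const uint8_t *rec, size_t rec_len, uint8_t *out)
{
    if (rec_len < HDR + MIN_PAD) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HDR + claimed + MIN_PAD > rec_len) return 0;
    memcpy(out, rec + HDR, claimed);
    return claimed;
}

int main(void)
{
    uint8_t mem[ARENA], out[ARENA];
    size_t n = build_request(mem, 40);
    printf("unchecked=%zu checked=%zu\n", echo_unchecked(mem, n, out), echo_checked(mem, n, out));
}
```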