Unless you've been living under a rock, you've probably seen some stories circulating around the web talking about OpenSSL and Heartbleed. Heartbleed is the coining of the exploit that was found by a Google security expert and is talking about the heartbeat that servers send out to see if the SSL connection is still live.
The problem is, the exploit allows anyone to pick up that heartbeat and read what's in the server's memory at the time. Of course, as you probably surmised already, this is a very bad thing. All sorts of sensitive data can be stored there along with the encryption and decryption keys the server uses for the data stream. If the site is using PFS, Perfect Forward Secrecy, the issue is isolated to that particular session, as PFS uses a session hash to uniquely identify it.
The bottom line is that everyone using the web should change their passwords. The exploit has reportedly been out for around 2 years and there is no assessment of the extent of damage, if any. If anyone knew about it earlier on, they were definitely sitting on it pretty tightly.
Check out Christina Warren's Mashable article about Heartbleed and what you need to know. The article also links off to a list of sites where you should change your password if you have accounts with any of them. Heck, it's a good idea to just change your passwords in general on a regular basis, so why not do it now?Add a comment
- Created: 11 April 2014
- Hits: 24
If you've been following my site recently, you already know I've upgraded my Joomla installation. Since all of the extensions I was using were mostly deprecated with the newer Joomla, I explored new extensions and tried to replace some old ones to keep the same functionality. One I tried was FLEXIcontent.Add a comment
- Created: 09 December 2013
- Hits: 234
So I've upgraded my Joomla! site quite a bit. I'm surprised hackers didn't target me over a year ago like they did back circa 2009. Anyway, you will find a couple of things do not work in addition to the following changes:Add a comment
- Created: 06 December 2013
- Hits: 246
IPCop is a great firewall, but lacks intuitive documentation in some areas and leaves the user scouring search engines and help forums to find solutions to what seem like fairly typical issues. If you use IPCop, you know what I mean when I say Red, Green, Orange, etc... You know I'm not talking about colors or painting, but about the color designation of each network.
Red = WAN
Green = primary LAN (typically)
Blue = wireless
Orange = DMZAdd a comment
- Created: 07 December 2013
- Hits: 490
Recently, it occurred to me that I should update my IPCOP firewall box. I was using an older version - I think 1.4. So, I just happened along to their page at http://www.ipcop.org and see that they have a new version! I quickly downloaded the latest .ISO, burned it, and then installed it on a laptop! Yes, a laptop. I have an old P4/1GB laptop that is much quieter than the box I was using. The only challenge was the lack of two Ethernet ports.
Overcoming the Ethernet port problem was a quickly resolved "problem" by using my old Linksys USB adapter that takes an Ethernet cable. Nice! On to the installation....Add a comment
- Created: 21 March 2013
- Hits: 1769