Carl Durrek Carl is a gaming fanatic, forever stuck on Reddit and all-around lover of food.

Hackers amanage to steal Cloudflare private security keys

41 sec read

This morning, content distribution network Cloudflare gave some hope to those affected by the Heartbleed security flaw with an announcement that the bug might not be as bad as feared. In two weeks of testing, Cloudflare said, its researchers failed to exploit the bug to steal a website’s private SSL keys, which secures the data sent to users. It issued a challenge to white-hat hackers to successfully retrieve the private security keys — and unfortunately for the web, one of them succeeded.

The widely-used open source library OpenSSL revealed on Monday it had a major bug, now known as “heartbleed”. By sending a specially crafted packet to a vulnerable server running an unpatched version of OpenSSL, an attacker can get up to 64kB of the server’s working memory. This is the result of a classic implementation bug known as a Buffer over-read There has been speculation that this vulnerability could expose server certificate private keys, making those sites vulnerable to impersonation. This would be the disaster scenario, requiring virtually every service to reissue and revoke its SSL certificates. Note that simply reissuing certificates is not enough, you must revoke them as well.

 

Source
Avatar of Carl Durrek
Carl Durrek Carl is a gaming fanatic, forever stuck on Reddit and all-around lover of food.

Obama wants $19 billion to improve America’s cyber security

Cyber attacks have grown to become one of the most-important issues in the United States, with both corporations and government agencies suffering from them in...
Avatar of Brian Molidor Brian Molidor
55 sec read

A hacker managed to steal information from the DHS…

Motherboard reported on Sunday that a hacker managed to get their hands on the personal information of about 30,000 employees for the DHS and FBI,...
Avatar of Alfie Joshua Alfie Joshua
57 sec read

The Java plug-in is finally going to meet its…

It’s been more than two decades since Oracle decided to start plaguing web browsers with its Java plug-in, but it looks like it’s time for Oracle...
Avatar of Chastity Mansfield Chastity Mansfield
58 sec read

Leave a Reply

Your email address will not be published. Required fields are marked *