Topic: New OpenSSL vulnerability (Read 931 times)

full member
Activity: 196
Merit: 100
June 07, 2014, 08:37:01 AM
#8
Thanks for clearing that up, I understand now.
Heartbleed was pretty annoying. God help us if they come up with more and more.

At least IT specialists will have jobs :)
legendary
Activity: 2053
Merit: 1356
aka tonikt
June 07, 2014, 08:31:00 AM
#7
I do not understand some of this. Are the vulnerabilities related to a new version of OpenSSL, or have they always been there but someone finally figured out an exploit(s)?
From what I read, these vulnerabilities were there for years.

The public finally figured them out, but for all we know someone could have just as well planted them there, in which case he'd have an exploit(s) ever since.

After the heartbleed incident, people have finally started to seriously audit this code.
These are just the first findings - I'm betting more will come.
full member
Activity: 196
Merit: 100
June 07, 2014, 08:23:20 AM
#6
I do not understand some of this. Are the vulnerabilities related to a new version of OpenSSL, or have they always been there but someone finally figured out an exploit(s)?
legendary
Activity: 2053
Merit: 1356
aka tonikt
June 07, 2014, 08:02:08 AM
#5
I think there's a division of people in the NSA whose sole job is to create huge bugs that are hard to find and push them onto open source crypto projects.
Of course there is.
Mr Snowden was very specific about this, already like a year ago.
And now they are trying to get his ass, just for exposing it.
sr. member
Activity: 475
Merit: 252
June 07, 2014, 07:59:09 AM
#4
AFAIK, the SSL part of OpenSSL is only used there for the new payment protocol and RPC-SSL (the one you switch on with the -rpcssl command line switch).

If you don't use any of the two features, you should not be affected by the vulnerability.
At least the recently reported one - the one that you are asking about.

Who knows what other devils are still in there...
OpenSSL is one big messy lib and devs just keep treating it like a black box, so nobody has an actual idea what this piece of crap does inside.

I think there's a division of people in the NSA whose sole job is to create huge bugs that are hard to find and push them onto open source crypto projects.

I'mma take my tin foil hat and uhhhh lock myself in a bunker for the rest of my life now...
legendary
Activity: 2053
Merit: 1356
aka tonikt
June 07, 2014, 05:32:07 AM
#3
AFAIK, the SSL part of OpenSSL is only used there for the new payment protocol and RPC-SSL (the one you switch on with the -rpcssl command line switch).

If you don't use any of the two features, you should not be affected by the vulnerability.
At least the recently reported one - the one that you are asking about.

Who knows what other devils are still in there...
OpenSSL is one big messy lib and devs just keep treating it like a black box, so nobody has an actual idea what this piece of crap does inside.
hero member
Activity: 543
Merit: 500
June 07, 2014, 04:58:14 AM
#2
Article at Ars Technica: http://arstechnica.com/security/2014/06/still-reeling-from-heartbleed-openssl-suffers-from-crypto-bypass-flaw/
Would this concern bitcoin? I don't know, someone more knowledgeable please comment.

I would like to know that, is it safe to continue using version 0.9.1 with OpenSSL 1.0.1g?
legendary
Activity: 2170
Merit: 1094
June 05, 2014, 12:09:38 PM
#1
Article at Ars Technica: http://arstechnica.com/security/2014/06/still-reeling-from-heartbleed-openssl-suffers-from-crypto-bypass-flaw/
Would this concern bitcoin? I don't know, someone more knowledgeable please comment.