
(Wired)   HTTPS is really just HTTP apparently   (wired.com)
    More: Fail, Heartbleed, HTTP Secure, cryptographic protocol, OpenSSL, encryption, SSL  

16972 clicks; posted to Main on 05 Jun 2014 at 12:27 PM



144 Comments

 
2014-06-05 12:28:56 PM  
Open source is "secure".
 
2014-06-05 12:32:05 PM  
Unlike the Heartbleed flaw, which allowed anyone to directly attack any server using OpenSSL, the attacker exploiting this newly discovered bug would have to be located somewhere between the two computers communicating. But that still leaves open the possibility that anyone from an eavesdropper on your local Starbucks' network to the NSA to strip away your Web connection's encryption before it's even initialized.

According to a blog post by Kikuchi, the flaw has existed since the very first release of OpenSSL in 1998



Ouch.
 
2014-06-05 12:32:14 PM  
Ha, joke's on them.  My servers are so old and un-patched they're not exposed to the bug.
 
2014-06-05 12:32:17 PM  

ikanreed: Open source is "secure".


Did your wife, Heather Locklear tell you that?  Yea, that's the ticket.........
 
2014-06-05 12:32:22 PM  
www.trademarkia.com
 
2014-06-05 12:34:31 PM  

ikanreed: Open source is "secure".


It gets more secure every day.
 
2014-06-05 12:34:54 PM  
I'd be surprised if there were a real exploit based on this.
 
2014-06-05 12:35:08 PM  
I just assume anyone can read anything I write, and so confine myself to boring ... statements.  Or writings, if you prefer.  You may not prefer, I don't know.
 
2014-06-05 12:35:37 PM  
most/all those insecure bugs were put in there for the NSA.  at their "request".    dinkies.
 
2014-06-05 12:35:59 PM  

yakmans_dad: I'd be surprised if there were a real exploit based on this.


Why?
 
2014-06-05 12:36:18 PM  
oops, forgot.   Shoutout to the NSA!!

you're doing a great job, Boys!
 
2014-06-05 12:37:19 PM  

ikanreed: Open source is "secure".


You sound like a _Yes man.
 
2014-06-05 12:37:31 PM  

Snort: ikanreed: Open source is "secure".

It gets more secure every day.


Alright, you know what, I don't think I'm cut out to be a troll.  I don't think I could create a purposefully obtuse argument here.  If Microsoft had this kind of vulnerability, we likely wouldn't even know.
 
2014-06-05 12:38:55 PM  
So for Perpetual Noobs like me, where am I supposed to go to get the update/patch?
 
2014-06-05 12:38:59 PM  

Snort: ikanreed: Open source is "secure".

It gets more secure every day.



and it will continue to get more secure.  you hear more about open source bugs because open source does not hide its bugs like closed source often does.

open source software developers are the first to publish bugs because they know it is the quickest way to get them patched.

i.o.w. just because you aren't aware of a bug does not mean it doesn't exist.   ignorance is bliss.

all bugs are shallow given enough eyeballs.
 
2014-06-05 12:39:41 PM  

brimed03: So for Perpetual Noobs like me, where am I supposed to go to get the update/patch?



it's called google.
 
2014-06-05 12:40:27 PM  

ikanreed: Snort: ikanreed: Open source is "secure".

It gets more secure every day.

Alright, you know what, I don't think I'm cut out to be a troll.  I don't think I could create a purposefully obtuse argument here.  If Microsoft had this kind of vulnerability, we likely wouldn't even know.



You are correct.  ignorance is bliss.  for awhile, anyway.
 
2014-06-05 12:40:32 PM  

ikanreed: Snort: ikanreed: Open source is "secure".

It gets more secure every day.

Alright, you know what, I don't think I'm cut out to be a troll.  I don't think I could create a purposefully obtuse argument here.  If Microsoft had this kind of vulnerability, we likely wouldn't even know.


Nice false flag.

/I keed
 
2014-06-05 12:41:47 PM  

ikanreed: Open source is [more] "secure" than windows.



True.
 
2014-06-05 12:41:55 PM  
The new attack, found by Japanese researcher Masashi Kikuchi, takes advantage of a portion of OpenSSL's "handshake" for establishing encrypted connections known as ChangeCipherSpec, allowing the attacker to force the PC and server performing the handshake to use weak keys that allows a "man-in-the-middle" snoop to decrypt and read the traffic.

Isn't this why newer protocols don't allow encryption downgrades anymore?
 
2014-06-05 12:43:12 PM  

Linux_Yes: brimed03: So for Perpetual Noobs like me, where am I supposed to go to get the update/patch?


it's called google.


Yes, treat the self-admitted noob like a noob. That'll help you feel better about yourself, won't it? Ya got some HotPocket crumbs on Mom's basement rug again, acne boy.
 
2014-06-05 12:44:14 PM  

Snort: ikanreed: Open source is "secure".

It gets more secure every day.



snort.org   good software.    good enough to be used by the NSA.
 
2014-06-05 12:45:41 PM  
itmanagement.earthweb.com
 
2014-06-05 12:45:52 PM  
You know we can tell that you're clicking SMART and FUNNY on your own posts, L_Y.
 
2014-06-05 12:45:53 PM  

ikanreed: Open source is "secure".


Don't get me started.
 
2014-06-05 12:46:27 PM  

brimed03: Linux_Yes: brimed03: So for Perpetual Noobs like me, where am I supposed to go to get the update/patch?


it's called google.

Yes, treat the self-admitted noob like a noob. That'll help you feel better about yourself, won't it? Ya got some HotPocket crumbs on Mom's basement rug again, acne boy.



yes!!  i do!!    and you should take more incentive and google. as long as you can read, you'll find the solution and you won't have to bug others to do it for you.

now, IF you search and read and cannot find the solution, THEN you ask for help in a software forum and you will get it.  it's called Community.  communities know if you are being lazy.
 
2014-06-05 12:47:15 PM  
static.tumblr.com
 
2014-06-05 12:48:36 PM  

yakmans_dad: I'd be surprised if there were a real exploit based on this.


I'd be surprised if there weren't exploits.

They said the bug was easy to find, but hadn't been found due to a lack of qualified people reviewing the code.

You don't think the NSA has people going through all open source projects' source code looking for vulnerabilities?
 
2014-06-05 12:49:21 PM  

Dragonflew: You know we can tell that you're clicking SMART and FUNNY on your own posts, L_Y.



i know.  duh.  and if someone isn't motivated and self confident enough to vote for themselves, i can't see why anyone else would read their posts.  you should vote for your posts too.  unless you think your posts are full of sh*t.

imagine if Obama, after entering the voting booth, selected Rmoney.  or didn't vote at all.  what would that say about Obama??
 
2014-06-05 12:49:40 PM  
So, to exploit this bug, you'd need to have a man-in-the-middle in place before the 3-way handshake?

Shut. Down. Everything.
 
2014-06-05 12:50:04 PM  
If you have nothing to hide you have nothing to fear, isn't that how it goes?
 
2014-06-05 12:51:02 PM  
Fortunately, I use a Mac, so I don't have to worry about viruses or whatever.

/runs away
 
2014-06-05 12:51:44 PM  

brimed03: So for Perpetual Noobs like me, where am I supposed to go to get the update/patch?


OpenSSL is a software library. Unless you're a software developer using it in your application, there's nothing you need to (or can) do.
 
2014-06-05 12:52:04 PM  

Gonz: you'd need to have a man-in-the-middle in place before the 3-way handshake?


Hey, don't I know you from Craigslist?
 
2014-06-05 12:52:29 PM  

Linux_Yes: Dragonflew: You know we can tell that you're clicking SMART and FUNNY on your own posts, L_Y.


i know.  duh.  and if someone isn't motivated and self confident enough to vote for themselves, i can't see why anyone else would read their posts.  you should vote for your posts too.  unless you think your posts are full of sh*t.

imagine if Obama, after entering the voting booth, selected Rmoney.  or didn't vote at all.  what would that say about Obama??


You're a bit..."special", aren't you?
 
2014-06-05 12:52:32 PM  

Linux_Yes: Dragonflew: You know we can tell that you're clicking SMART and FUNNY on your own posts, L_Y.


i know.  duh.  and if someone isn't motivated and self confident enough to vote for themselves, i can't see why anyone else would read their posts.  you should vote for your posts too.  unless you think your posts are full of sh*t.

imagine if Obama, after entering the voting booth, selected Rmoney.  or didn't vote at all.  what would that say about Obama??


I didn't realise you were running for King Troll.  Carry on.
 
2014-06-05 12:52:57 PM  

Gonz: So, to exploit this bug, you'd need to have a man-in-the-middle in place before the 3-way handshake?

Shut. Down. Everything.


Guess what?  All third party servers that route information can be considered compromised until evidence shows otherwise.  Sure, not all of them are, but you have no idea.  Traceroute a message sometime.  Do you seriously trust every server that gets reported along the way?
 
2014-06-05 12:53:57 PM  

Snort: ikanreed: Open source is "secure".

It gets more secure every day.



img.fark.net
 
2014-06-05 12:54:38 PM  

Loaf's Tray: Linux_Yes: Dragonflew: You know we can tell that you're clicking SMART and FUNNY on your own posts, L_Y.


i know.  duh.  and if someone isn't motivated and self confident enough to vote for themselves, i can't see why anyone else would read their posts.  you should vote for your posts too.  unless you think your posts are full of sh*t.

imagine if Obama, after entering the voting booth, selected Rmoney.  or didn't vote at all.  what would that say about Obama??

You're a bit..."special", aren't you?



no.  but you seem to think so, giving me all this attention.
 
2014-06-05 12:54:47 PM  
This is very old news.  Moxie Marlinspike put out SSL-Strip years ago.  That's one of the attacks that got me into network security in the first place.
 
2014-06-05 12:55:13 PM  

Linux_Yes: Loaf's Tray: Linux_Yes: Dragonflew: You know we can tell that you're clicking SMART and FUNNY on your own posts, L_Y.


i know.  duh.  and if someone isn't motivated and self confident enough to vote for themselves, i can't see why anyone else would read their posts.  you should vote for your posts too.  unless you think your posts are full of sh*t.

imagine if Obama, after entering the voting booth, selected Rmoney.  or didn't vote at all.  what would that say about Obama??

You're a bit..."special", aren't you?


no.  but you seem to think so, giving me all this attention.


I'm not the only one, slugger...
 
2014-06-05 12:55:35 PM  
NSA and Snort.org


two peas in a pod.
 
2014-06-05 12:57:22 PM  

Loaf's Tray: Linux_Yes: Loaf's Tray: Linux_Yes: Dragonflew: You know we can tell that you're clicking SMART and FUNNY on your own posts, L_Y.


i know.  duh.  and if someone isn't motivated and self confident enough to vote for themselves, i can't see why anyone else would read their posts.  you should vote for your posts too.  unless you think your posts are full of sh*t.

imagine if Obama, after entering the voting booth, selected Rmoney.  or didn't vote at all.  what would that say about Obama??

You're a bit..."special", aren't you?


no.  but you seem to think so, giving me all this attention.

I'm not the only one, slugger...



yea, whateva'

http://www.youtube.com/watch?v=viaTT859Yk0   (SFW)
 
2014-06-05 12:57:26 PM  

Linux_Yes: ikanreed: Snort: ikanreed: Open source is "secure".

It gets more secure every day.

Alright, you know what, I don't think I'm cut out to be a troll.  I don't think I could create a purposefully obtuse argument here.  If Microsoft had this kind of vulnerability, we likely wouldn't even know.


You are correct.  ignorance is bliss.  for awhile, anyway.


He's incorrect.  A security researcher posted this, just like security researchers post them for Microsoft related items.
 
2014-06-05 12:58:07 PM  
Submitter's mom is open source
 
2014-06-05 01:00:22 PM  
This probably won't be the last big bug found in the OpenSSL libraries, either.  The heartbleed bug opened a lot of eyes to the fact that OpenSSL was a seriously neglected project.  They now have funding, full time developers, and every security expert in the world is digging through the code.  We should probably expect these types of articles pretty frequently for at least the near future.
 
2014-06-05 01:01:53 PM  

ikanreed: Gonz: So, to exploit this bug, you'd need to have a man-in-the-middle in place before the 3-way handshake?

Shut. Down. Everything.

Guess what?  All third party servers that route information can be considered compromised until evidence shows otherwise.  Sure, not all of them are, but you have no idea.  Traceroute a message sometime.  Do you seriously trust every server that gets reported along the way?


Well, yes and no. I mean, most of my professional traffic tends to either be local, or through a VPN. My non-work stuff? I suppose I operate under the same principle that I took with the Snowden/ NSA stuff- I'm such a drop in the ocean of digital noise that it really doesn't matter all that much.

Someone would need to go to a hell of a lot of work to separate all my packets out from the others, and then hope they have enough to glean the information they're looking for.
 
2014-06-05 01:02:16 PM  

Linux_Yes: brimed03: Linux_Yes: brimed03: So for Perpetual Noobs like me, where am I supposed to go to get the update/patch?


it's called google.

Yes, treat the self-admitted noob like a noob. That'll help you feel better about yourself, won't it? Ya got some HotPocket crumbs on Mom's basement rug again, acne boy.


yes!!  i do!!    and you should take more incentive and google. as long as you can read, you'll find the solution and you won't have to bug others to do it for you.

now, IF you search and read and cannot find the solution, THEN you ask for help in a software forum and you will get it.  it's called Community.  communities know if you are being lazy.


Actually, you're being worse than lazy; you're misdirecting brimed03. The answer is contained in the article:

"The non-profit foundation, whose encryption is used by the majority of the Web's SSL servers, issued a patch and advised sites that use its software to upgrade immediately."

So, as an end user, there's nothing you can do other than not use the Internet for secure communications, including financial transactions.
 
2014-06-05 01:03:28 PM  

Dragonflew: You know we can tell that you're clicking SMART and FUNNY on your own posts, L_Y.


Well, his "girlfriend in Canada" isn't going to do it.
 
2014-06-05 01:05:17 PM  

Linux_Yes: NSA and Snort.org


two peas in a pod.


What does an IDS have to do with the NSA?
 
Displayed 50 of 144 comments



This thread is archived, and closed to new comments.
