The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

Posts Tagged ‘Heartbleed’

More OpenSSL and certificate things (in the aftermath of Heartbleed)

Posted by jpluimers on 2014/04/13

So you think Heartbleed is over. Think again. Not only servers are affected. Clients too. And you need to tighten your security even more.

Basically it comes down to this:

Expect all sites using HTTPS to have been vulnerable, and all data you exchanged to have been captured, unless you have hard proof that they were not vulnerable or that the traffic was not captured. If you have not started changing passwords, private keys, credit card numbers, etc., do so now.

and

In layman’s terms/pictures: xkcd: Heartbleed Explanation.

If you still don’t get it: anyone with any HTTPS connection to a once-vulnerable system could copy data out of that system. There is no guarantee that the data did not contain your identity (username, password, public key, credit card check digits, etc.) or the server's identity (private and public key).

Since you often cannot prove a system was using OpenSSL, there is no way to prove your data didn’t get copied.

Here are some interesting reads from last week:

Posted in OpenSSL, Power User, Security

 