Hello & Welcome to our community. Is this your first visit? Register
Follow us on
Follow us on Facebook Follow us on Twitter Watch us on YouTube


MMOCoin

Likes Likes:  1
Results 1 to 2 of 2
  1. #1
    Premium

    Join Date
    May 2011
    Posts
    222
    Post Thanks / Like
    Rep Power
    15
    Reputation
    100

    Exclamation NEW OpenSSL vulnerabilities!


    Register to remove this ad
    Thanks to Katos at Lordcraft for making this announcement! I'm enforcing this announcement here to help anyone else whom have no clue about these vulnerabilities but uses OpenSSL.

    Quote Originally Posted by Katos
    New OpenSSL vulnerabilities
    The OpenSSL team announced seven vulnerabilities covering OpenSSL 0.9.8, 1.0.0, 1.0.1 and 1.0.2 (i.e. all versions) earlier this week.


    The most serious of which is the potential Man in the middle attack:



    OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.

    Everyone who uses OpenSSL in their software or on their server should upgrade as soon as possible; the OpenSSL team has released new versions.


    Cloudflare and the above
    Those of you running cloudflare should be pleased to hear that cloudflare patched this vulnerability pretty damn quick, and they are now protected from the above, however they (as do I myself) strongly recommend updating any base-line OpenSSL that you have on your system (basically, don't rely on Cloudflare to secure you... because it wont.) You can view the "new versions" link above to do this.


    Hope this helps,
    Thanks,
    Katos.




    Credits: Katos


    › See More: NEW OpenSSL vulnerabilities!
    Last edited by Suraf; 22-06-14 at 06:59 AM.



  2. Related Threads - Scroll Down after related threads if you are only interested to view replies for above post/thread

  3. #2
    Beginner

    Join Date
    Nov 2013
    Posts
    1
    Post Thanks / Like
    Rep Power
    12
    Reputation
    3

    Register to remove this ad
    Thanks for crediting myself, much appreciated.
    Hope that people find this useful!

 

 

Visitors found this page by searching for:

Nobody landed on this page from a search engine, yet!
SEO Blog

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
All times are GMT -5. The time now is 10:31 AM.
Powered by vBulletin® Copyright ©2000-2024, Jelsoft Enterprises Ltd.
See More links by ForumSetup.net. Feedback Buttons provided by Advanced Post Thanks / Like (Lite) - vBulletin Mods & Addons Copyright © 2024 DragonByte Technologies Ltd.
vBulletin Licensed to: MMOPro.org