# OpenSSL wide open to hackers



## Red_Machine (Apr 8, 2014)

Dunno if anyone has posted this here yet or not, but I'm completely floored by this. This is worse than RSA's SecurID being hacked; nobody's safe from it.

http://techcrunch.com/2014/04/07/ma...sl-could-effect-a-huge-chunk-of-the-internet/


----------



## remixedcat (Apr 8, 2014)

Tsk, tsk


----------



## pr0n Inspector (Apr 10, 2014)

Worst part is that it's 2 years old. Could've been silently exploited for all we know.


----------



## Peter1986C (Apr 10, 2014)

Didn't GnuTLS have a similar bug not very long ago?


----------



## remixedcat (Apr 10, 2014)

See some of these open source project people spend more time arguing over stupid crap instead of fixing stuff. Typical Linux mentality. Smh.


----------



## Ferrum Master (Apr 10, 2014)

remixedcat said:


> See some of these open source project people spend more time arguing over stupid crap instead of fixing stuff. Typical Linux mentality. Smh.



You mean Linus's ego inheritance...


----------



## pr0n Inspector (Apr 11, 2014)

remixedcat said:


> See some of these open source project people spend more time arguing over stupid crap instead of fixing stuff. Typical Linux mentality. Smh.



WTF? OpenSSL has nothing to do with Linux. It's not even using the same type of license.

And I'm not going to even touch on how stupid it is to assume tens of thousands of programmers all over the world just somehow all share the same "Linux mentality" (wtf does that even mean). You seem to think being a yes man to some corporate managers somehow makes you a better coder.


----------



## remixedcat (Apr 11, 2014)

It's the god complex mentality they have that Linus perpetuated. Also the fact they tell people to eff off instead of taking criticism gracefully. Not saying it about all, just a lot of these projects have this issue. It's sad.


----------



## eidairaman1 (Apr 11, 2014)

Sounds like Comcast


----------



## pr0n Inspector (Apr 11, 2014)

remixedcat said:


> It's the god complex mentality they have that Linus perpetuated. Also the fact they tell people to eff off instead of taking criticism gracefully. Not saying it about all, just a lot of these projects have this issue. It's sad.




What's "a lot"?

Sometimes people just don't like it when some hotheads suddenly barge in and start making many or radical commits to projects they started or worked on for years; it's perfectly understandable. The open source community is held together by collaboration; software development simply doesn't work like in corporate environments where you should just shut up and do your job. You can just take the code and fork it if you disagree with the project leaders that much, and many did; some even overtook the original.


----------



## BiggieShady (Apr 11, 2014)

pr0n Inspector said:


> Sometimes people just don't like it when some hotheads suddenly barge in and start making many or radical commits to projects they started or worked on for years; it's perfectly understandable.



This is much more pronounced when the open source project is a security library used by more than 50% of the internet.
I wonder why no one ever suspects foul play - it would be so easy to sabotage this kind of project by committing code that leaks memory (or paying someone involved to do it).


----------



## puma99dk| (Apr 11, 2014)

Doesn't this just show that nothing is perfect when it comes to security?

We all know this shouldn't exist, but yet it does.


----------



## Naito (Apr 11, 2014)

puma99dk| said:


> Doesn't this just show that nothing is perfect when it comes to security?



Security? Ha. Nothing of the sort exists with agencies like the NSA around.


----------



## flmatter (Apr 13, 2014)

http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/
For sites affected by the Heartbleed bug lol


----------



## remixedcat (Apr 13, 2014)

I still think the NSA paid someone off


----------



## Champ (Apr 13, 2014)

So has anything arisen from this yet?


----------



## flmatter (Apr 13, 2014)

Not really, just change your passwords. It is truly amazing how quiet it has been, from everyone - anti-virus companies to gov't intel agencies.


----------



## remixedcat (Apr 13, 2014)

NSA has everyone by the balls


----------



## Divide Overflow (Apr 13, 2014)

Champ said:


> So has anything arisen from this yet?


Hasn't been anything attributed to this vulnerability yet. Now that it's widely known, I'm sure there will be a couple of exploits on the servers that are slow to patch.


----------



## Aquinus (Apr 13, 2014)

Divide Overflow said:


> Hasn't been anything attributed to this vulnerability yet. Now that it's widely known, I'm sure there will be a couple of exploits on the servers that are slow to patch.



If they're really that slow, it's possible that they never enabled the heartbeat extension or their software is older than the bug. Either way, I think this has been an over-glorified bug report. The content of the data that a "hacker" would get from this would vary widely. It won't always lead to a breach of security either.


----------

