http://kb.digibase.ca/index.php?title=DBSA:2014-0007&feed=atom&action=history
DBSA:2014-0007 - Revision history
2024-03-28T20:42:04Z
Revision history for this page on the wiki
MediaWiki 1.31.1
http://kb.digibase.ca/index.php?title=DBSA:2014-0007&diff=600&oldid=prev
Gung-ho Gun at 14:07, 11 April 2014
2014-04-11T14:07:09Z
<p></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">Revision as of 14:07, 11 April 2014</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l43" >Line 43:</td>
<td colspan="2" class="diff-lineno">Line 43:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>[[Category:DBSA|2014]]</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>[[Category:DBSA|2014]]</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;">#REDIRECT [[DBSA:2014-0007]]</del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;"></del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;">[[Category:DBSA-Redir]]</del></div></td><td colspan="2"> </td></tr>
</table>
Gung-ho Gun
http://kb.digibase.ca/index.php?title=DBSA:2014-0007&diff=598&oldid=prev
Gung-ho Gun at 13:59, 11 April 2014
2014-04-11T13:59:58Z
<p></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">Revision as of 13:59, 11 April 2014</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l43" >Line 43:</td>
<td colspan="2" class="diff-lineno">Line 43:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>[[Category:DBSA|2014]]</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>[[Category:DBSA|2014]]</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">#REDIRECT [[DBSA:2014-0007]]</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">[[Category:DBSA-Redir]]</ins></div></td></tr>
</table>
Gung-ho Gun
http://kb.digibase.ca/index.php?title=DBSA:2014-0007&diff=597&oldid=prev
Kradorex Xeron: Created page with "{{DBSAHEAD | TITLE=OpenSSL "Heartbleed" Vulnerability - End Users | KEYWORDS=SSL, TLS, Vulnerability, Data Exposure, HTTPS, OpenSSL }} '''DBSA ID:''' {{PAGENAME}} '''Regardi..."
2014-04-11T13:41:20Z
<p>Created page with "{{DBSAHEAD | TITLE=OpenSSL "Heartbleed" Vulnerability - End Users | KEYWORDS=SSL, TLS, Vulnerability, Data Exposure, HTTPS, OpenSSL }} '''DBSA ID:''' {{PAGENAME}} '''Regardi..."</p>
<p><b>New page</b></p><div>{{DBSAHEAD<br />
| TITLE=OpenSSL "Heartbleed" Vulnerability - End Users<br />
| KEYWORDS=SSL, TLS, Vulnerability, Data Exposure, HTTPS, OpenSSL<br />
}}<br />
<br />
'''DBSA ID:''' {{PAGENAME}}<br />
<br />
'''Regarding:''' OpenSSL "Heartbleed" Vulnerability - End Users<br />
<br />
'''Writeup:''' [[User:Kradorex Xeron|Kradorex Xeron]] ([[User talk:Kradorex Xeron|talk]]) 09:41, 11 April 2014 (EDT)<br />
<br />
'''Date:''' 2014 04 11<br />
<br />
'''Last Modified:''' {{REVISIONTIMESTAMP}} by {{REVISIONUSER}}<br />
<br />
'''Who should take note:''' Anyone and Everyone<br />
<br />
==Classification==<br />
<br />
'''Priority:''' HIGH<br />
<br />
'''Rationale:''' Information could have been compromised by third parties, immediate attention is required.<br />
<br />
'''Severity:''' HIGH<br />
<br />
'''Rationale:''' Information disclosed may be utilized and leveraged to compromise user accounts across multiple sites.<br />
<br />
'''Spread of Issue:''' MULTI-PLATFORM HIGH<br />
<br />
'''Rationale:''' Affects all users of secure websites given the wide deployment of OpenSSL.<br />
<br />
==Description==<br />
OpenSSL is a popular program and library set used to deploy the Secure Sockets Layer and Transport Security Layer protocols. Recently there was a vulnerability in the 1.0.1 version series server implementation of OpenSSL whereas a client could utilize the "Heartbeat" mechanism used to keep connections alive to read server memory by requesting a longer resource than was input, thus causing the server to read back the requested length of data, leading to data unrelated to that connection being disclosed. This disclosure can include anything from private encryption keys to usernames and passwords transmitted over encrypted means.<br />
<br />
==Mitigation/Solution==<br />
Users are advised to utilize the detection tool as listed in the references section to determine if the site they use is patched. If the site is patched the results will display a green bar behind the Heartbeat/Heartbleed entry. Upon receipt of that, a user may go ahead and change their passwords and/or security questions on the specific sites.<br />
<br />
Users are further advised not to accept disclaimers as sufficient from website services unless that disclaimer explicitly states that the site utilized an unaffected library or software. If further information is needed to make this determination, please contact the website administrator. If a determination cannot be made do not accept the statement and implement changes to any passwords and/or security questions.<br />
<br />
==References==<br />
* https://www.ssllabs.com/ssltest/index.html (DETECTION TOOL)<br />
* http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/<br />
<br />
[[Category:DBSA|2014]]</div>
Kradorex Xeron