Two fun facts about IT

**Charu** · 04-8-2014, 01:40 PM

Re: Two fun facts about IT

My work station uses Windows XP.

Good thing I never use for anything serious, lmao.

**Pseudo Enigma** · 04-8-2014, 02:05 PM

Re: Two fun facts about IT

ugh looks like it's time to go get a job and finally grab a computer that doesn't turn into a pile of shit when it has Win7.

**dAnceguy117** · 04-8-2014, 02:08 PM

Re: Two fun facts about IT

Originally posted by Pseudo Enigma

ugh looks like it's time to go get a job and finally grab a computer that doesn't turn into a pile of shit when it has Win7.

maybe switch to a lightweight linux distro for now?

**benguino** · 04-8-2014, 02:19 PM

Re: Two fun facts about IT

Originally posted by choof

If you work at a place that still uses XP, may god have mercy on your soul.

For anyone that does use XP at the workplace it would probably be best for them to alert their supervisor or superiors; perhaps they are unaware of the situation or the implications of XP no longer getting support.

**igotrhythm** · 04-8-2014, 03:09 PM

Re: Two fun facts about IT

Originally posted by reuben_tate

For anyone that does use XP at the workplace it would probably be best for them to alert their supervisor or superiors; perhaps they are unaware of the situation or the implications of XP no longer getting support.

Yeah, and since when have managers of cubicle dwellers worried at all about the problems their workers face? Any Dilbert comic will tell you that the answer is "never."

More info about the so-called Heartbleed bug, which is still making stuff vulnerable after the patch: http://arstechnica.com/security/2014...oulette-style/

**Bluearrowll** · 04-8-2014, 03:21 PM

Re: Two fun facts about IT

I work in a test data centre at a bank and a significant chunk of machines are XP run. The UK Government forked out 12 million pounds to Microsoft to continue support for a year. 64KB is a large enough amount of memory that could cause passwords / emails / private keys to be compromised. The timing of the reveal of this bug is very unfortunate.

Useful links on Heartbleed:

http://blog.existentialize.com/diagnosis-of-the-openssl-heartbleed-bug.html

Check to see if a server you care about is affected:

Test your server for Heartbleed (CVE-2014-0160)

http://filippo.io/Heartbleed

**Spenner** · 04-8-2014, 03:22 PM

Re: Two fun facts about IT

Got XP on all the store computers where I work too, though it's not used for much. But still... having a POS system become vulnerable, yikes.

**dAnceguy117** · 04-8-2014, 04:53 PM

Re: Two fun facts about IT

(from the OpenSSL bug article)

"Bugs in single software or library come and go and are fixed by new versions," the researchers who discovered the vulnerability wrote in a blog post published Monday. "However this bug has left a large amount of private keys and other secrets exposed to the Internet. Considering the long exposure, ease of exploitations and attacks leaving no trace this exposure should be taken seriously."

yep, gotcha. so how long has it been?

Fully recovering from the two-year-long vulnerability may also require revoking any exposed keys, reissuing new keys, and invalidating all session keys and session cookies.

TWO YEARS

WHAT

**Pseudo Enigma** · 04-8-2014, 05:03 PM

Re: Two fun facts about IT

Originally posted by Bluearrowll

Check to see if a server you care about is affected:
http://filippo.io/Heartbleed

rip

**MrGiggles** · 04-8-2014, 05:12 PM

Re: Two fun facts about IT

The heartbleed bug is almost as cool as that CryptoLocker thing that came out a while back

almost

**Bluearrowll** · 04-8-2014, 05:13 PM

Re: Two fun facts about IT

Originally posted by Pseudo Enigma

rip

This bug attacks HTTPS port 443 - flashflashrevolution is using port 80 and as such would not show up as an infected website. seagateshare where my network drive is hosted on however...

**dAnceguy117** · 04-8-2014, 05:20 PM

Re: Two fun facts about IT

Originally posted by Pseudo Enigma

rip

the "uh-oh" message doesn't mean the server is vulnerable, it means something else happened during the test.

Test your server for Heartbleed (CVE-2014-0160)

http://filippo.io/Heartbleed/faq.html#wentwrong

**arcnmx** · 04-8-2014, 05:27 PM

Re: Two fun facts about IT

Yeap heartbleed is quite the bug. Stupid simple mistake of passing memcpy the wrong length, huge consequences.

Originally posted by Bluearrowll

64KB is a large enough amount of memory that could cause passwords / emails / private keys to be compromised. The timing of the reveal of this bug is very unfortunate.

Note that you can just repeat the attack over and over to get a new random set of memory from the server each time, so you can obtain a lot more than just 64KB of data with this attack.

And yeah, FFR isn't vulnerable because lolnohttps. Ironically any sites that use no encryption are potentially safer than those that do - at least an attacker needs to be in a privileged position to sniff sensitive data from HTTP.

**Reincarnate** · 04-8-2014, 05:36 PM

Re: Two fun facts about IT

I don't know shit about encryption so can someone ELI5 for me -- how does this bug get fixed? What should the average person do to protect him/herself in the meantime?

Two fun facts about IT

Two fun facts about IT

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment