Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Sat 23 Aug 2014, 09:46
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Millions of Android Devices Vulnerable to Heartbleed Bug
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [7 Posts]  
Author Message
James C


Joined: 26 Mar 2009
Posts: 5711
Location: Kentucky

PostPosted: Tue 15 Apr 2014, 09:18    Post subject:  Millions of Android Devices Vulnerable to Heartbleed Bug  

http://www.bloomberg.com/news/2014-04-11/millions-of-android-devices-vulnerable-to-heartbleed-bug.html

Quote:
Millions of smartphones and tablets running Google Inc. (GOOG)’s Android operating system have the Heartbleed software bug, in a sign of how broadly the flaw extends beyond the Internet and into consumer devices.

While Google said in a blog post on April 9 that all versions of Android are immune to the flaw, it added that the “limited exception” was one version dubbed 4.1.1, which was released in 2012.
Back to top
View user's profile Send private message 
bark_bark_bark

Joined: 05 Jun 2012
Posts: 793
Location: USA

PostPosted: Tue 15 Apr 2014, 14:30    Post subject:  

Android has never been safe, and you can blame that on Java.
_________________
Desktop: Intel 945PSN Motherboard, 3.2Ghz P-IV "Prescott 2M", 2GB RAM, 160GB WD HDD and 500GB WD HDD, Windows 7
I am looking for a working Atari ST that can be bought for less than $100.
Back to top
View user's profile Send private message 
gcmartin

Joined: 14 Oct 2005
Posts: 4220
Location: Earth

PostPosted: Fri 18 Apr 2014, 14:44    Post subject:  

Here, another alert which suggest vulnerability. What should interest all of us is an explanation of how this 2 year item got there in the first place and which subsystems is it using for the breeches it is providing. I have seen much speculation and have witnessed several live reports from reporters with differing accounts on HeartBleed. Notice, that is this accounting, they share that old versions may have contracted HeartBleed.

Idea Anyone, here, in this forum, want to use their own words to describe this bug and its manifestation? Could/Is HeartBleed in Puppy? Idea

Anyone.

_________________
Get ACTIVE Create Circles; Do those good things which benefit people's needs!
We are all related ... Its time to show that we know this!
3 Different Puppy Search Engine or use DogPile
Back to top
View user's profile Send private message 
mavrothal


Joined: 24 Aug 2009
Posts: 1596

PostPosted: Fri 18 Apr 2014, 15:17    Post subject:  

Here is a more realistic view of the issue
Quote:
Security vendor CloudFlare further roiled the pot by issuing a challenge to hackers to steal a server's private encryption key using the Heartbleed bug. Fedor Indutny of Moscow took nine hours to obtain the key,
....
32 thousand requests per second from a single user is highly suspicious since that would be about 100x more than the fastest Internet connections allow a real user to use.
....
Also lost in the initial panic over the fact that two-thirds of websites use OpenSSL was any breakdown of how many of the servers were running a version actually affected by the flaw -- a figure that some put at 17 percent.
...
Attacking the client, you'll probably only get a few chances. You're not going to be able to do a million requests because, remember, you're not asking the client or initiating the connection to the client to pump the data out.

The rest is interesting too as well as the links therein.

_________________
Kids all over the world go around with an XO laptop. They deserve one puppy (or many) too Very Happy
Back to top
View user's profile Send private message 
rokytnji


Joined: 20 Jan 2009
Posts: 1309
Location: Pecos/ Texas

PostPosted: Fri 18 Apr 2014, 23:24    Post subject:  

Quote:
Anyone, here, in this forum, want to use their own words to describe this bug and its manifestation? Could/Is HeartBleed in Puppy? Idea

Anyone.


https://www.ssllabs.com/

Use Test your Browser Button.

Mine.


Quote:
SSL 2 handshake compatibility No
TLS compression No
Your user agent is not vulnerable.
Images Passive Yes
CSS Active No
Scripts Active No
XMLHttpRequest Active No
WebSockets Active No
Frames Active No


YMMV from mine.
Back to top
View user's profile Send private message Visit poster's website 
gcmartin

Joined: 14 Oct 2005
Posts: 4220
Location: Earth

PostPosted: Fri 18 Apr 2014, 23:50    Post subject:  

More information on this issue of Android 4.1.x, servers and OpenSSL

Hope this is helpful in understanding HeartBleed and its manifestation.

_________________
Get ACTIVE Create Circles; Do those good things which benefit people's needs!
We are all related ... Its time to show that we know this!
3 Different Puppy Search Engine or use DogPile
Back to top
View user's profile Send private message 
slavvo67

Joined: 12 Oct 2012
Posts: 372
Location: The other Mr. 305

PostPosted: Sat 19 Apr 2014, 00:17    Post subject:  

How do you read the SSLabs results?

Thanks
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [7 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0601s ][ Queries: 12 (0.0051s) ][ GZIP on ]