Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Thu 30 Oct 2014, 15:21
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Millions of Android Devices Vulnerable to Heartbleed Bug
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
Page 1 of 1 Posts_count  
Author Message
James C


Joined: 26 Mar 2009
Posts: 5890
Location: Kentucky

PostPosted: Tue 15 Apr 2014, 09:18    Post_subject:  Millions of Android Devices Vulnerable to Heartbleed Bug  

http://www.bloomberg.com/news/2014-04-11/millions-of-android-devices-vulnerable-to-heartbleed-bug.html

Quote:
Millions of smartphones and tablets running Google Inc. (GOOG)’s Android operating system have the Heartbleed software bug, in a sign of how broadly the flaw extends beyond the Internet and into consumer devices.

While Google said in a blog post on April 9 that all versions of Android are immune to the flaw, it added that the “limited exception” was one version dubbed 4.1.1, which was released in 2012.
Back to top
View user's profile Send_private_message 
bark_bark_bark

Joined: 05 Jun 2012
Posts: 846
Location: USA

PostPosted: Tue 15 Apr 2014, 14:30    Post_subject:  

Android has never been safe, and you can blame that on Java.
_________________
Desktop: Intel 945PSN Motherboard, 3.2Ghz P-IV "Prescott 2M", 2GB RAM, 500GB WD HDD, Windows 7
(Slacko) Puppy Arcade 11 on USB Stick, Kali Linux and Windows XP in their own Virtual Machines
Back to top
View user's profile Send_private_message 
gcmartin

Joined: 14 Oct 2005
Posts: 4379
Location: Earth

PostPosted: Fri 18 Apr 2014, 14:44    Post_subject:  

Here, another alert which suggest vulnerability. What should interest all of us is an explanation of how this 2 year item got there in the first place and which subsystems is it using for the breeches it is providing. I have seen much speculation and have witnessed several live reports from reporters with differing accounts on HeartBleed. Notice, that is this accounting, they share that old versions may have contracted HeartBleed.

Idea Anyone, here, in this forum, want to use their own words to describe this bug and its manifestation? Could/Is HeartBleed in Puppy? Idea

Anyone.

_________________
Get ACTIVE Create Circles; Do those good things which benefit people's needs!
We are all related ... Its time to show that we know this!
3 Different Puppy Search Engine or use DogPile
Back to top
View user's profile Send_private_message 
mavrothal


Joined: 24 Aug 2009
Posts: 1731

PostPosted: Fri 18 Apr 2014, 15:17    Post_subject:  

Here is a more realistic view of the issue
Quote:
Security vendor CloudFlare further roiled the pot by issuing a challenge to hackers to steal a server's private encryption key using the Heartbleed bug. Fedor Indutny of Moscow took nine hours to obtain the key,
....
32 thousand requests per second from a single user is highly suspicious since that would be about 100x more than the fastest Internet connections allow a real user to use.
....
Also lost in the initial panic over the fact that two-thirds of websites use OpenSSL was any breakdown of how many of the servers were running a version actually affected by the flaw -- a figure that some put at 17 percent.
...
Attacking the client, you'll probably only get a few chances. You're not going to be able to do a million requests because, remember, you're not asking the client or initiating the connection to the client to pump the data out.

The rest is interesting too as well as the links therein.

_________________
Kids all over the world go around with an XO laptop. They deserve one puppy (or many) too Very Happy
Back to top
View user's profile Send_private_message 
rokytnji


Joined: 20 Jan 2009
Posts: 1404
Location: Pecos/ Texas

PostPosted: Fri 18 Apr 2014, 23:24    Post_subject:  

Quote:
Anyone, here, in this forum, want to use their own words to describe this bug and its manifestation? Could/Is HeartBleed in Puppy? Idea

Anyone.


https://www.ssllabs.com/

Use Test your Browser Button.

Mine.


Quote:
SSL 2 handshake compatibility No
TLS compression No
Your user agent is not vulnerable.
Images Passive Yes
CSS Active No
Scripts Active No
XMLHttpRequest Active No
WebSockets Active No
Frames Active No


YMMV from mine.
Back to top
View user's profile Send_private_message Visit_website 
gcmartin

Joined: 14 Oct 2005
Posts: 4379
Location: Earth

PostPosted: Fri 18 Apr 2014, 23:50    Post_subject:  

More information on this issue of Android 4.1.x, servers and OpenSSL

Hope this is helpful in understanding HeartBleed and its manifestation.

_________________
Get ACTIVE Create Circles; Do those good things which benefit people's needs!
We are all related ... Its time to show that we know this!
3 Different Puppy Search Engine or use DogPile
Back to top
View user's profile Send_private_message 
slavvo67

Joined: 12 Oct 2012
Posts: 445
Location: The other Mr. 305

PostPosted: Sat 19 Apr 2014, 00:17    Post_subject:  

How do you read the SSLabs results?

Thanks
Back to top
View user's profile Send_private_message 
Display_posts:   Sort by:   
Page 1 of 1 Posts_count  
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
 Forum index » Off-Topic Area » Security
Jump to:  

Rules_post_cannot
Rules_reply_cannot
Rules_edit_cannot
Rules_delete_cannot
Rules_vote_cannot
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0579s ][ Queries: 12 (0.0041s) ][ GZIP on ]