1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

'Heartbleed' - serious new security threat

Discussion in 'Security and Privacy' started by BOBBO, 2014/04/08.

  1. 2014/04/08
    BOBBO

    BOBBO Geek Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    1,892
    Likes Received:
    19
    Last edited: 2014/04/08
  2. 2014/04/08
    retiredlearner

    retiredlearner SuperGeek WindowsBBS Team Member

    Joined:
    2004/06/25
    Messages:
    7,150
    Likes Received:
    499
    Could cause quite a stir if it is compromising our systems. Neil.
     

  3. to hide this advert.

  4. 2014/04/09
    retiredlearner

    retiredlearner SuperGeek WindowsBBS Team Member

    Joined:
    2004/06/25
    Messages:
    7,150
    Likes Received:
    499
    This was a headline in local Daily newspaper today. Concerns with Yahoo - Visa - Mastercard etc. Neil.
     
  5. 2014/04/09
    James Martin

    James Martin Geek Member

    Joined:
    2003/05/15
    Messages:
    2,655
    Likes Received:
    79
    It must be serious, because Startpage had a link about the threat on it's homepage...

    Excerpt...
    "Heartbleed" is a security vulnerability in OpenSSL (Secure Socket Layer) encryption that permits eavesdropping on communications and access to sensitive data such as passwords. Heartbleed gives read access to the memory of the encryption functions of vulnerable servers, allowing attackers to steal the private keys used to encrypt data transmissions.

    StartPage's vulnerability to this attack was limited, since we had implemented a more secure, upgraded form of SSL known as Perfect Forward Security (PFS) in July 2013. PFS is generally supported by most recent browser versions. Since PFS uses a different "per-session" encryption key for each data transfer, even if a site's private SSL key is compromised, past communications are protected from retroactive decryption.

    Security is a moving target, and we work hard to stay ahead of the curve. Immediately after the Heartbleed security advisory, StartPage's encryption modules were updated and encryption certificates were changed.

    In independent evaluation, StartPage and Ixquick outscore other search engines on encryption standards, earning an A+ rating. See Qualys' SSL Labs evaluation of StartPage's encryption features here:
    https://www.ssllabs.com/ssltest/analyze.html?d=startpage.com&s=69.90.210.72
     
  6. 2014/04/12
    IvanH

    IvanH Well-Known Member

    Joined:
    2006/12/05
    Messages:
    565
    Likes Received:
    19
  7. 2014/04/12
    James Martin

    James Martin Geek Member

    Joined:
    2003/05/15
    Messages:
    2,655
    Likes Received:
    79
    I have many user IDs & passwords, so if one is compromised, it doesn't affect the rest.
     
  8. 2014/04/13
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,680
    Likes Received:
    104
    WindowsBBS doesn't use SSL, so there's nothing you can check. But yea, I updated OpenSSL on this server, so it is fixed for sites that use it.
     
    muddyfox likes this.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.