X
Settings
Language

Country

Framework language
Choose the country,language and framework settings
Privacy
HTTPS + POST : An encrypted SSL(HTTPS) connection ensuring your privacy. The search variables like keywords, etc. are encrypted and masked.
HTTPS + GET : The data transfer is enrypted but search variables displayed in the URL.
HTTP + GET : Non encrypted datatransfer
SSL key exchange / Cipher
Chromium based browsers might not work with the STRONG+ cipher set! You need to delete your settings cookie if you cannot build up an SSL connection. Try the STRONG cipher set instead.
The FAST cipher set is only recommended for outdated browser which are still using SSL3 or do only support weak ciphers for the key exchange. Do not use this cipher set if you are using software which is up to date!
Session key extension

Bind Session to IP
These two settings will improve the security of your session. By giving an additional session salt and/or binding your session to your current IP address your new session will be secured individually making it almost 100% unbreakable for any random hacking attempt and man in the middle attacks! If you change one of those values your current session will be reinitiated! This means you will be logged out if you are logged in right now. Check your session security settings (user details), if you want to kill remaining sessions. It is not recommended to bind your IP to your session if you are using a VPN/PROXY/ISP Network with altering outbound IPs since you will be logged out everytime your IP changes.
World Wide Web:
primary
secondary
Images:
primary
secondary
Thumbnails
Show external thumbnails and images.
Count of search results per page
Content filter

Violence
Filter adult material


Parental lock: with setting a password you are activating the parental lock. You are able to reset it by typing in the correct password clicking reset and saving the settings. To use the child protection properly you need to create a separate system account for your child with no write access to cookies

Length of descriptions
Activate social platform plugins
With activating this option social plugins embed to this website will get loaded automatically. You will automatically accept all terms of used social plugin hosters by setting activated. Please reconsider our terms and links to related terms and datasecurity for more information
Advertisements
Color style
MENU:
INPUT/SELECT BG:
INPUT/SELECT TEXT-COLOR:
HEADINGS:
LINK TEXT-COLOR:
CONTENT TEXT-COLOR:
Background Image
Save Settings
Close Settings
🗙

Blog

  • Whussup.net
  • Blog
Heartbleed Vulnerability - OpenSSL TLS Heartbeat Bug
Translations: de

Not only Linux Users should feel concerned. Passwords of bank accounts, mail accounts and so on could have been compromised, if the server was using a vulnerable OpenSSL Version.

This Bug allows attackers to recover the generated primary and secondary key of a HTTPS session (or any other protocol using OpenSSL) used for establishing the connection and transmitting the content. If the keys got recovered, any data transmitted can be decrypted and faking the Client/Server would also be possible.

Man-In-The-Middle-Attacks could be used to inject malware to get other private data or infect a client.

It is recommended to change any password that could have been compromised and to use different passwords for each account.

You can check yourself if a server is compromised by using this tool.

Vulnerable OpenSSL Versions:

 - OpenSSL 1.0.1 and 1.0.1f(inclusive)

 afflicted Operating Systems :

- Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4

- Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11

- CentOS 6.5, OpenSSL 1.0.1e-15

- Fedora 18, OpenSSL 1.0.1e-4

- OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012)

- FreeBSD 10.0 - OpenSSL 1.0.1e 11 Feb 2013

- NetBSD 5.0.2 (OpenSSL 1.0.1e)

- OpenSUSE 12.2 (OpenSSL 1.0.1c)

- Android OS Jelly Bean 4.1.1

 

How to fix this bug:

Update OpenSSL to 1.0.1.g or just pull following commit : https://github.com/openssl/openssl/commit/731f431497f463f3a2a97236fe0187b11c44aead

you could also downgrade to 0.98 or build OpenSSL without the --tls-heartbeat option.

most distributors should already have committed updates to their repositories. Therefor, it should be enough to update the regarding SSL packages with your package manager.

Debian Wheezy:

add the following repos to your /etc/apt/sources.list :

deb http://security.debian.org/ wheezy/updates main
deb-src http://security.debian.org/ wheezy/updates main

update your packages :

#/bin/bash
apt-get update
apt-get upgrade

Gentoo Linux:

#/bin/bash
emerge --ask --oneshot --verbose >=dev-libs/openssl-1.0.1g

after updating your packages, you need to restart any service using OpenSSL libs and bins

 

Posted at 2014-04-27 19:42:35
( updated at 2014-05-02 23:33:42 )
in securityBash

Tags:
OpenSSLHeartbleed VulnerabilityTLS Heartbeat Bug
  • all entries
  • Messages
  • Manuals
  • security
  • Whussup.net
    • Home
    • General Information
    • Contact
    • Blog
    • Campaigns
    • Data Protection & Terms Of Use
  • Donations
Paypal
    • Tools
      • Github
      • Check IP Address
    0
    Guest
    • Whussup.net
      • Home
      • General Information
      • Contact
      • Blog
      • Campaigns
      • Data Protection & Terms Of Use
      • Login
      • Logout
      • User Details
      • Create User Account
      • Settings
    • GAMES
    gear
    Language:
    Sort:
    Filter:
    Geolocation:
    Country:
    Google Domain:
    Simplified Chinese:
    AND search query:
    Search in URL:
    Search in URL - Filter:
    Contained search queries:
    Excluded search queries:
    OR search queries:
    related URL:
    Date:
    File type (Extension):
    Image size:
    Image type:
    Color:
    Dominant color:
    Copyright:



    Filter:
    Alternative Search Query
    Show All Indexes
    HD 3D game language-Filter country-Filter
    minimal length
    Maximal Length
    Free shippingSorting
    Condition
    Min.:

    Max.:
    Sorting:
    Title:Original Title:Description:Year: - Release Date:Genre:Language:Spoken Languages:Country:Duration: - Colour Mode:Dimensions:Soundtrack:Production Companies:Production Countries:
    ----------------------------------------
    Actors:Thanks:Literary:Art:Camera:Casting:Cinematography:Costume:Decoration:Directing:Directing (art):Directing (assistant):Editing:Lighting:Location:Makeup:Music:Other:Producing:Producing (design):Producing (management):Sound Technology And Electrics:Special Effects:Stunts:Logistics:Visual Effects:Literary:
    Suggestions
    Manual
    Plugin Name:generate
    >>
    *: