Heartbleed Vulnerability - OpenSSL TLS Heartbeat Bug

Not only Linux users should be concerned. Passwords for bank accounts, mail accounts and so on could have been compromised if the server was using a vulnerable OpenSSL version.

This bug allows attackers to recover the generated primary and secondary keys of an HTTPS session (or of any other protocol using OpenSSL) that are used for establishing the connection and transmitting the content. Once the keys have been recovered, any transmitted data can be decrypted, and impersonating the client or server also becomes possible.

Man-in-the-middle attacks could then be used to inject malware in order to obtain other private data or infect a client.

It is recommended to change any password that could have been compromised and to use a different password for each account.

You can check for yourself whether a server is compromised by using this tool.

Vulnerable OpenSSL versions:

- OpenSSL 1.0.1 through 1.0.1f (inclusive)

Affected operating systems:

- Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4

- Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11

- CentOS 6.5, OpenSSL 1.0.1e-15

- Fedora 18, OpenSSL 1.0.1e-4

- OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012)

- FreeBSD 10.0 - OpenSSL 1.0.1e 11 Feb 2013

- NetBSD 5.0.2 (OpenSSL 1.0.1e)

- OpenSUSE 12.2 (OpenSSL 1.0.1c)

- Android OS Jelly Bean 4.1.1

 

How to fix this bug:

Update OpenSSL to 1.0.1g or just pull the following commit: https://github.com/openssl/openssl/commit/731f431497f463f3a2a97236fe0187b11c44aead

You could also downgrade to 0.9.8 or build OpenSSL without the --tls-heartbeat option.

Most distributors should already have committed updates to their repositories. Therefore it should be enough to update the relevant SSL packages with your package manager.

Debian Wheezy:

Add the following repos to your /etc/apt/sources.list:

deb http://security.debian.org/ wheezy/updates main
deb-src http://security.debian.org/ wheezy/updates main

Update your packages:

#!/bin/bash
apt-get update
apt-get upgrade

Gentoo Linux:

#!/bin/bash
emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1g"

After updating your packages, you need to restart every service that uses the OpenSSL libraries and binaries.
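
A check for that last step, as an added example that is not from the original post: a process started before the upgrade still maps the replaced library, which shows up as "(deleted)" in /proc/PID/maps. The function names and the sample PIDs, process names and paths are constructed for illustration.

```bash
#!/bin/bash
# Added example: find processes that still map the replaced OpenSSL libraries.

# Print the deleted libssl/libcrypto paths listed in one maps file
# (same line format as /proc/PID/maps). The kernel appends " (deleted)"
# when a mapped file was replaced on disk, which is what a package upgrade does.
stale_openssl_maps() {
    grep -E '/lib(ssl|crypto)[^/]*\.so[^ ]* \(deleted\)$' "$1" 2>/dev/null |
        awk '{ print $6 }' | sort -u
}

# Walk a proc-style directory (default: /proc) and print "PID NAME LIBRARY".
scan_stale_openssl() {
    local root="${1:-/proc}" dir pid name lib
    for dir in "$root"/[0-9]*; do
        [ -r "$dir/maps" ] || continue
        pid="${dir##*/}"
        name="$(cat "$dir/comm" 2>/dev/null || echo '?')"
        stale_openssl_maps "$dir/maps" | while read -r lib; do
            printf '%s %s %s\n' "$pid" "$name" "$lib"
        done
    done
}

# Constructed sample in /proc layout: PID 1201 was started before the upgrade,
# PID 1305 after it.
make_sample_proc() {
    local root
    root="$(mktemp -d)"
    mkdir -p "$root/1201" "$root/1305"
    echo nginx > "$root/1201/comm"
    echo sshd > "$root/1305/comm"
    cat > "$root/1201/maps" <<'EOF'
7f3a1c000000-7f3a1c05a000 r-xp 00000000 08:01 393301 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f3a1c400000-7f3a1c5b2000 r-xp 00000000 08:01 393299 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)
7f3a1d000000-7f3a1d1a0000 r-xp 00000000 08:01 393210 /lib/x86_64-linux-gnu/libc-2.13.so
EOF
    cat > "$root/1305/maps" <<'EOF'
7f9b20000000-7f9b201b2000 r-xp 00000000 08:01 400112 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0
EOF
    echo "$root"
}

# Demo on the constructed sample; call scan_stale_openssl with no argument
# (as root) to check the live system.
sample="$(make_sample_proc)"
scan_stale_openssl "$sample"
rm -rf "$sample"
```

Statically linked programs do not appear in this scan, because they carry their own copy of OpenSSL and have to be rebuilt or updated separately.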

 
