About Me

This is mainly a video tutorial blog about Linux. I am here to share my learnings and experiences. May I invite you to join me in this quest. It all started with Linux Mint 11 and my move from the dark side to freedom. Also a move to share experiences, knowledge and community spirit. I started to share my newfound knowledge and experience in various forums: Linux Mint Community, TomatoUSB and places I chanced upon when googling. As my journeys and voyages became more dispersed and frequent, I decided it's time for a place and certain ways to tie things together. Thus, the birth of my blog "Guruwannabe", my user name at Linux Mint Community, the first place where I became serious about my cyber-presence. Bob Wong (黄昌文)

Monday, 21 April 2014

Heart Bleed for Heart Beat


Overview:  The Heartbleed Bug is a serious vulnerability that allows outside attackers to steal sensitive information over connections otherwise believed to be secure, for example HTTPS (i.e. HTTP over SSL/TLS), secure email and VPN, all without leaving a trace.
For more details:  http://heartbleed.com/
Visit me at:  http://community.linuxmint.com/tutorial/view/1628

Heart Bleed Bug

    • What ain't Broken?

    • What is Broken?

    • What is fixed?



What was Not Broken by Heart Bleed?

    • Major Components

      • SSL
      • SSH
      • Heart Beat
    • OpenSSL before 1.0.1

    • Non OpenSSH/OpenSSL implementations



What is Broken?

    • OpenSSH/OpenSSL Heart Beat implementation

      • 1.0.1 Branch
      • 1.0.2-beta Testing Branch
    • Yep, it's an Implementation error



What is fixed?

    • OpenSSL v1.0.1g

    • OpenSSL v1.0.2-beta2

    • Distro patch by each distro

      • Built on/after 7 Apr 2014
      • These are not necessarily 1.0.1g
    • How to check?

      • openssl version -a
      • Look for build date


Some more Checking?

    • Launch Package Manager

      • Eg: Mint Synaptic Package Manager
    • Search/Filter for “ssl” installed

      • Eg: libssl1.0.0, openssl
    • Select libssl1.0.0 and [Get Changelog]

      • Look for CVE-2014-0160 fix
    • CLI - Mint13

      • apt-get changelog openssl
      • apt-get changelog libssl1.0.0 

What to look for?

  • CVE-2014-0160  fix

  • 1.01-4ubuntu5.12 for Mint13
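
The checks above, combined into one triage script. This is an added example, not part of the original post: the function names and verdict strings are hypothetical, the sample outputs are constructed, and a build date on or after 7 April 2014 is treated only as a hint to confirm against the changelog.

```shell
#!/bin/sh
# Added example: names and verdicts are hypothetical, samples are constructed.

# build_ymd TEXT: print YYYYMMDD from a "built on:" line, or nothing.
build_ymd() {
    printf '%s\n' "$1" | awk '/^built on:/ {
        # fields: built on: <dow> <mon> <day> <time> ... <year>
        m = index("JanFebMarAprMayJunJulAugSepOctNovDec", $4)
        for (i = 6; i <= NF; i++) if ($i ~ /^[12][0-9][0-9][0-9]$/) y = $i
        if (length($4) == 3 && m % 3 == 1 && y)
            printf "%04d%02d%02d\n", y, (m + 2) / 3, $5
        exit
    }'
}

# classify_openssl VERSION_OUTPUT [CHANGELOG_TEXT]: print one verdict.
classify_openssl() {
    co_ver=$(printf '%s\n' "$1" | awk 'NR == 1 && $1 == "OpenSSL" { print $2 }')
    co_built=$(build_ymd "$1")
    case $co_ver in
        '') echo unknown ;;
        1.0.1[g-z]*|1.0.2-beta[2-9]*) echo fixed-upstream ;;
        1.0.1|1.0.1[a-f]*|1.0.1-*|1.0.2-beta|1.0.2-beta1*)
            # Broken branch. Distro patches keep the old version string,
            # so fall back to the changelog, then to the build date.
            if [ -n "${2:-}" ]; then
                case $2 in
                    *CVE-2014-0160*) echo distro-patched ;;
                    *) echo vulnerable ;;
                esac
            elif [ -n "$co_built" ] && [ "$co_built" -ge 20140407 ]; then
                echo likely-patched   # confirm with the changelog
            else
                echo vulnerable
            fi ;;
        *) echo not-in-broken-branch ;;
    esac
}

# Constructed samples in the layout printed by "openssl version -a".
SAMPLE_OLD='OpenSSL 1.0.1 14 Mar 2012
built on: Wed Jan  8 20:45:51 UTC 2014'
SAMPLE_PATCHED='OpenSSL 1.0.1 14 Mar 2012
built on: Mon Apr  7 20:33:29 UTC 2014'
SAMPLE_CHANGELOG='openssl (PLACEHOLDER-VERSION) constructed; urgency=medium
    - debian/patches/CVE-2014-0160.patch: fix heartbeat bounds check'
classify_openssl "$SAMPLE_OLD"                          # vulnerable
classify_openssl "$SAMPLE_PATCHED"                      # likely-patched
classify_openssl "$SAMPLE_PATCHED" "$SAMPLE_CHANGELOG"  # distro-patched
```

On a live system the two arguments would be `"$(openssl version -a)"` and `"$(apt-get changelog openssl)"`, the commands listed above.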


Anything Else?

    • Yes, Google for the rest :)

      • This is meant as a simple guide
    • After patching, look for?

      • Generate New Certificates
      • Revoke Old Certificates
      • Get all End users to Change Passwords
      • Other Details
        • Check with your service provider, e.g. online mail, Ruby on Rails etc.
    • Remember not all OpenSSH/OpenSSL is affected!
