Results 1 ... 178 found in all logged channels for 'heartbleed' :
(trilema) mircea_popescu: you KNOW they'll have heartbleed and orc glyphs and so on and so forth, even as the "security tokens" never expire and the gameplay just isn't there.
(trilema) a111: Logged on 2017-01-14 01:28 mircea_popescu: anyway, the "hive mind" is fucking comedic already. FIVE YEARS with the subverted python, got them nowhere. close to five years pushing rust, nothing to show for it. systemd is still mostly a joke, and the hatred is growing exponentially while the pustule is growing logarithmic at that. meanwhile the republic cracked open the heartbleed in quite the painful fashion, no matter how much effort went into "rehappening" it. not t
(trilema) mircea_popescu: anyway, the "hive mind" is fucking comedic already. FIVE YEARS with the subverted python, got them nowhere. close to five years pushing rust, nothing to show for it. systemd is still mostly a joke, and the hatred is growing exponentially while the pustule is growing logarithmic at that. meanwhile the republic cracked open the heartbleed in quite the painful fashion, no matter how much effort went into "rehappening" it. not t
(trilema) mircea_popescu: notice how he glued himself to heartbleed (which, unlike the normal hanno bockian crap, was a surprise to the empire).
(trilema) BingoBoingo: <davout> for some reason this hoaxtoshi stuff seems very interesting to journos << Heartbleed and the bash vulnerability made radio
(trilema) assbot: Logged on 06-01-2016 15:46:58; ascii_butugychag: 'Filippo Valsorda. I'm Italian and I work on the CloudFlare Security Team in London. I built the public Heartbleed test and I mess with cryptography. Public speaker. Motorbike rider. Frequent flyer. Hacker School F'13.'
(trilema) ascii_butugychag: 'Filippo Valsorda. I'm Italian and I work on the CloudFlare Security Team in London. I built the public Heartbleed test and I mess with cryptography. Public speaker. Motorbike rider. Frequent flyer. Hacker School F'13.'
(trilema) assbot: Logged on 31-07-2015 03:53:10; asciilifeform: coderwill: on top of the thousand and one other sins, tor linked in ssl at the height of 'heartbleed' - something which pretty much nobody is speaking of today
(trilema) BingoBoingo: <asciilifeform> 'Andy confirmed that Coverity does not spot the heartbleed flaw and said that it remained stubborn even when they tweaked various analysis settings.' << Can't spot heartbleed because custom OpenSSL malloc
(trilema) thestringpuller: mircea_popescu: do you have the source for the pull request where hearn tried to merge in heartbleed?
(trilema) mircea_popescu: note for instance that the various "emergency problem - update required" stuff is in NEW-ish versions. like, heartbleed ? ubuntu 10.04 was fine. 12.04 ? owned.
(trilema) ascii_field: 'When we tried wget, it detected errors, retried, and finally succeeded. It said the error was a bad length field in a TLS packet. That didn't make sense at first because we thought TLS packets were error corrected by TCP.' << incidentally, i am not certain that i agree with the author's conclusion ('reverse heartbleed'.) it may very well be an attempt to exploit other braindamage in http stack
(trilema) mircea_popescu: "Heartbleed is a read buffer overflow. What that means is that an application is reading outside the boundaries of a buffer. For example, imagine an application has a space in memory that's 10 bytes long. If the software tries to read 20 bytes from that buffer, you have a read buffer overflow."
(trilema) BingoBoingo: <thestringpuller> well only OpenSSL had heartbleed << The other big SSL implementations had their own flaws unveiled in the following months that essentially accomplished the same insecurity.
(trilema) assbot: Logged on 29-03-2015 16:49:24; Chillum: most protocols have had a vulnerability at some point. Heartbleed was a bug in openssl, not a bug in ssl
(trilema) Chillum: most protocols have had a vulnerability at some point. Heartbleed was a bug in openssl, not a bug in ssl
(trilema) Chillum: Routers are a sad state of affairs. Something like 70% of consumer wifi routers in the wild are vulnerable to heartbleed
(trilema) assbot: Logged on 27-09-2014 02:35:49; asciilifeform: if you create a 'heartbleed' - you are a вредитель. and whether you did it intentionally, given the impossibility of proof - does not matter.
(trilema) mircea_popescu: leaving aside that nobody i ever knew was seriously using the newer debian releases anyway for any purpose, you'd have to be fucking insane to think the way this goes is, we kill their heartbleed and they sit and wait.
(trilema) mircea_popescu: "A failure to properly filter specially formed packets makes it possible for attackers to execute attack code of their choosing by sending malicious traffic to a Windows-based server." << sounds like windows had a replica of heartbleed.
(trilema) assbot: SO YOURE SAYING MY POODLE IS HEARTBLEEDING FROM SHELLSHOCK?WHAT THE FUCK IS EVEN GOING ON
(trilema) mircea_popescu: and that n is pretty fuckingly scary high, what with the heartbleed headshot and all the other outlays generously handed out by la serenissima.
(trilema) thestringpuller: mircea_popescu: what if someone doesn't sign "heartbleed introduction" then no one is accountable and system is moot
(trilema) ben_vulpes: this guy helped shut watch-only wallets and addresses out of the core client, while merging in heartbleed.
(trilema) ben_vulpes: <asciilifeform> no heartbleed, no pagerank. << search engines. next frontier of bitcoin.
(trilema) mircea_popescu: GinAddict1 mike is the chief enemy plant in bitcoin. he's the guy that merged heartbleed in bitcoin for absolutely no legitimate reason, and he's the guy that forced a hard fork, idem.
(trilema) assbot: The author of the OpenSSL Heartbleed bug also wrote the spec : programming
(trilema) mircea_popescu: btw, speaking of the derp foundation : did it yet get around to pointing out that people who had stopped updating bitcoin pre 8.0 were invulnerable to heartbleed, whereas people who hadn't stopped updating lost all their key material in the interval ?
(trilema) mircea_popescu: <asciilifeform> this is also the answer for why 'heartbleed' was necessary, considering that usg has at-will access to root certs << not that simple.
(trilema) assbot: Meet Cupid, the Heartbleed attack that spawns evil Wi-Fi networks | Ars Technica
(trilema) HeySteve: they hint it's related to heartbleed, NRPE or Ebury, not that I'd heard of the other 2
(trilema) mircea_popescu: ThickAsThieves i dare not think they perhaps haven't reported on heartbleed yet, because well...
(trilema) mircea_popescu: on that note, often manufacturers explicitly forbid to install updates and servicepacks since it might well break the app. << since heartbleed i'm going to forbid any upgrades as part of the contract in all cases, always and forever.
(trilema) fluffypony: HeySteve: it depends - if you're trading with them then they generally have to auth; whilst you can check with nickserv if they have enforce on and are identified Freenode have said that it's possible NS passwords were leaked coz of heartbleed
(trilema) fluffypony: davout: I'll fathom that they had logins etc. scraped when they were Heartbleed vulnerable, and the attackers waited till now to use them
(trilema) ozbot: This reader mocked Heartbleed, posted his passwords online. Guess what happened next.
(trilema) ozbot: Heartbleed certificate revocation tsunami yet to arrive | Netcraft
(trilema) Shakespeare: facebook lols: I made a post briefing normals on heartbleed and the general concept that internet privacy doesn't really exist. Here's the best response so far: "Is Lifelock an answer?"
(trilema) mircea_popescu: but i wouldn't trust anything coming from the powerfully retarded rangers. they tried to get heartbleed into bitcoin, who knows what else they've baked into there we don't know about.
(trilema) mike_c: i had this thought last night. if i was the nsa, and i had injected this awesome new backdoor into 1.0.1f, and i was really anxious for everyone to upgrade right now.. I would publicize my outdated backdoor called heartbleed.
(trilema) BingoBoingo: Oh, yahoo is password weak because heartbleed. Figured I'd offer something on Yahoo for people to sign up for
(trilema) BingoBoingo: In the spirit of #heartbleed is anyone else interested in -assets fantasy baseball on yahoo?
(trilema) dexX7: hey i'm still thinking about the heartbleed stuff and was wondering: how could one - in theory - do something nefarious with this? user sessions aside, but what else is flying around there?
(trilema) BingoBoingo: I wonder how many of these connects/disconnects are attempts at heartbleed probing
(trilema) Naphex: mircea_popescu: you can basically sniff whole SSL traffic with Heartbleed.
(trilema) midnightmagic: mircea_popescu: That is from the heartbleed site. It implies more information is available, but it's information which is sitting in that specific area. It's a busy area, but it's just that specific area.
(trilema) bounce: heartbleed, not beedingheart, and a plurality mismatch in the last paragraph or so
(trilema) Namworld: lel, what? "The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content."