The attack may be repeated and it appears trivial to acquire the host’s private key. If you were running a vulnerable release, it is even suggested that you go as far as revoking all of your keys. Distributions using OpenSSL 0.9.8 are not vulnerable (Debian Squeeze vintage). Debian Wheezy, Ubuntu 12.04.4, Centos 6.5, Fedora 18, SuSE 12.2, OpenBSD 5.4, FreeBSD 8.4, and NetBSD 5.0.2 and all following releases are vulnerable. OpenSSL released 1.0.1g today addressing the vulnerability. Debian’s fix is in incoming and should hit mirrors soon, Fedora is having some trouble applying their patches, but a workaround patch to the package .spec (disabling heartbeats) is available for immediate application.
Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately
upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.
Forscher der School of Electrical Engineering, Electronics and Computer Science (Liverpool) entwickelten in ihrem Labor einen Computerwurm mit dem Namen Chameleon, welcher sich selbstständig über WLAN verbreitet und Router bzw. Accesspoints als Wirtssysteme befällt.
In ihrem Labor simulierten die Wissenschaftler teile der WLAN-Netze der Städte London und Belfast und ließen Chameleon auf diese los, mit einem interessanten Ergebniss …
Today, new free under MIT licenses ownCloud mobile libraries for iOS and Android released.
They provide easy to use methods to read and write files, share files and many more useful operations. To make these libraries as useful as possible to as many developers as possible, they are released under the MIT license. Continue reading »
The Music Timeline shows genres of music waxing and waning, based on how many Google Play Music users have an artist or album in their music library, and other data (such as album release dates). Each stripe on the graph represents a genre; the thickness of the stripe tells you roughly the popularity of music released in a given year in that genre. (For example, the “jazz” stripe is thick in the 1950s since many users’ libraries contain jazz albums released in the ’50s.)
SimpleSecure is a plugin that allows you to insert a secure contact form on any page or post. The email message submitted by your visitor is securely encrypted using GPG/PGP, however no binaries are required nor are any shell calls necessary. SimpleSecure includes a pure PHP port of the GPG encryption functions which allows it to run on any server that supports PHP. In other words, you do not need to install GPG or allow shell access to PHP on your server.
This talk will discuss a case in which criminals compromised and robbed an ATM by infecting it with specially crafted malware. The successful compromise of an ATM can easily result in the loss of several hundred thousand dollars.