Heartbleed, the most dangerous vulnerability, affects us directly

Hello friends, in today's tutorial we will talk about security, more precisely about the vulnerability found in OpenSSL, which servers use to protect the information users enter when logging on to a site or web service. The vulnerability, called "Heartbleed", appeared with the introduction of a "heartbeat" function, a function that keeps an authentication session on a site active.
What exactly is the Heartbleed vulnerability?
Well, an attacker wishing to exploit this vulnerability can capture everything that is in the server's RAM. If the attack happens while some users have active login sessions, or are logging in to that site at that very moment, the sessions and keys held in RAM at that moment could be captured, and the attacker could thus obtain sensitive information: username, password or other information entered during the session. The captured information could be used later.
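An added example, not part of the original tutorial and not OpenSSL's code: a simplified C model of how a heartbeat reply can carry neighbouring memory when the server trusts the length written in the message, next to the checked version. It goes beyond the page by using the heartbeat record layout from RFC 6520; the function names, the 64-byte arena and the session string are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Heartbeat record (RFC 6520): type(1) | payload_length(2) | payload | padding(>=16) */
#define HB_HEADER 3u
#define HB_PADDING 16u

/* Flawed echo: copies as many bytes as the message claims to carry. */
size_t hb_echo_trusting(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t cap)
{
    (void)rec_len;                                  /* the flaw: received size is ignored */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > cap) claimed = cap;               /* only keeps this demo inside its arena */
    memcpy(out, rec + HB_HEADER, claimed);
    return claimed;
}

/* Checked echo: the length field must fit inside the bytes actually received. */
size_t hb_echo_checked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t cap)
{
    if (rec_len < HB_HEADER + HB_PADDING) return 0; /* too short: discard silently */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > cap || HB_HEADER + claimed + HB_PADDING > rec_len) return 0;
    memcpy(out, rec + HB_HEADER, claimed);
    return claimed;
}

/* Constructed arena: a 23-byte record ("ping" + padding) followed by session data. */
size_t demo_fill(uint8_t mem[64], uint16_t claimed)
{
    memset(mem, 0, 64);
    mem[0] = 1;                                     /* heartbeat request */
    mem[1] = (uint8_t)(claimed >> 8);
    mem[2] = (uint8_t)(claimed & 0xff);
    memcpy(mem + HB_HEADER, "ping", 4);
    memcpy(mem + 23, "user=demo;pass=constructed", 26);
    return 23;                                      /* header + payload + padding */
}

/* Returns 1 if the reply to a request claiming 40 bytes contains session bytes. */
int demo_reply_leaks(int checked)
{
    uint8_t mem[64], out[40];
    size_t len = demo_fill(mem, 40);                /* claims 40 bytes, carries 4 */
    size_t n = (checked ? hb_echo_checked : hb_echo_trusting)(mem, len, out, sizeof out);
    return n > 20 && memcmp(out + 20, "user=", 5) == 0;
}

int main(void) { return !(demo_reply_leaks(0) == 1 && demo_reply_leaks(1) == 0); }
```

The checked version drops the request without replying, so a well-formed heartbeat still gets its echo while an over-claiming one gets nothing.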
Many sites in Romania are still affected by this vulnerability, among them well-known sites and a tracker that I will not name.
There are enough companies that do not use OpenSSL, but many reputable websites and social platforms like Facebook, Twitter, Flickr, Tumblr, Pinterest, Yahoo, Google and Dropbox use OpenSSL.
Fortunately, many companies and web services have already patched the vulnerability located in OpenSSL. It seems that Heartbleed was discovered by Google, which has patched all of its services. As you probably know, Google plays an important role in the open source community, and it has not infrequently stepped in to help open source software, a platform on which Google relies heavily because it uses it as the basis for most of its software and services.
How do we protect ourselves from the Heartbleed vulnerability?
As a simple user you cannot do too many things. A firewall and an antivirus do not help in this case, because the attacker targets the server (the website), to which we have no access, and not our PC.
- it is recommended not to use the same password for all accounts, and to use passwords that are as complex as possible, containing letters, numbers, signs and spaces.
- avoid frequent authentications (several times in a short time)
- do not use public networks and do not authenticate from them. If you still have to, use a VPN, which we covered in the tutorial "Freedom Okay, pay online and browsing safely"
- do not make online payments or fund transfers during this period
- use the Heartbleed test to check whether the website you want to browse is still vulnerable or not.
In the end, Heartbleed is the biggest vulnerability in Internet history. On a scale of 1 to 10, security professionals give Heartbleed a risk rating of 10+, very high.
Luckily our website is not affected. Just a few days ago I received an update from WordPress, which patched this vulnerability. Users of our site can stay calm about it, because our website does not require authentication, we do not ask for sensitive information, and you do not need an account to watch our tutorials.


about Adrian

Hungry for information and knowledge, I like everything about art and share my knowledge with great pleasure. Those who give themselves to others will lose themselves, but usefully, leaving something useful to their fellows. Enjoying this privilege, I will never say "I do not know" but "I do not know yet"!

Comments

  1. In this case, the use of complex passwords with uppercase, lowercase, numbers and other signs is useless, just like in the case of a keylogger that you would have on your PC, because absolutely all the keys pressed are intercepted… so…
    Thanks for the tutorials, which I follow all the time, but lately they are a bit rare…

  2. You are not right when you say "so that we do not change our password unless we have received an email". !!!!
    Change passwords regularly, once every 2-3 months.

    • Adrian Gudus said

      You misunderstood my tutorial. You misunderstood how an attacker can get the information. If you had been a little more careful and had read the text above the tutorial, you would have understood (and you probably heard it too) when I said it is not recommended to change the password during this period (1-2 weeks).
      It is likely that on the site you visit today or tomorrow, the vulnerability still exists. If during this time the attacker takes advantage of it and captures that server's memory, he could end up with your username and password because, you see, your session is in the server's memory just when you think you are doing a great deed by changing your password. If at that time (when you change the password) the attacker captures the memory, he will get not only the old password but also the new password, along with the sessions active at that time.
      It was easier to say you did not understand the tutorial than to correct me wrongly.
      Next time be more careful.

  3. I propose to continue the tutorials about surveillance cameras, DVDs, nrvs… settings ... to make surveillance networks at home or at companies alone. These would really be interesting to carry to the end.
    Thank you for this tutorial. I knew that even if encrypted data on the server is intercepted, there is little to be done with it. Decryption lasts forever. I do not think anyone is really crazy enough to spend 1, 2 weeks, maybe more, to discover a user's password.

  4. IT SEEMS LASTT TORENTS MAY BE INFECTED - http://filippo.io/Heartbleed/#lasttorrents.org

    • Adrian Gudus said

      There is an infection, a virus. It is a bug, a flaw. As I said in the text above the tutorial, antivirus and firewall do not help you as a user with this vulnerability.

      • stefan said

        Hello, I really need your help with some advice. For about 2 months, after sometimes 5 minutes and sometimes 20 minutes, I can no longer surf the net - by default I enter the mail - and a message appears in my left corner: "establishing secure connection…", and a window that says: "ERROR CODE: ERR-EMPTY-RESPONDE". On some sites, to enter I have to disable the antivirus. In order to get on the net, I must shut down the computer and reopen it. I mention that I have Win 7 Home and Avast antivirus, Chrome browser. Best regards, Stefan

  5. I got this system: motherboard: https://www.asus.com/Motherboards/M2NE/, processor: AMD Phenom II X4 940
    http://www.pcgarage.ro/procesoare/amd/phenom-ii-x4-940-black-edition-300-ghz-skt-am2-plus-box/
    GM 4 2 800 MHz DDR RAM, integrated w 45 source.
    And I wish I could buy this video card:http://www.emag.ro/placa-video-msi-amd-radeon-r7-250-oc-1024mb-gddr5-128bit-hdmi-dvi-vga-propeller-blade-technology-r7-250-1gd5-oc/pd/D387JBBBM/ and I 1.0 slot video card is what capacity will go 3.0 video card and power supply if needed.

  6. You guys from the videotutorial, at best you're good at copy-pasting and stealing articles from other sites.
    You act smart when you're not, and you want to look like geniuses in the eyes of the uninformed suckers who stick their noses in.
    You have become pathetic!

    • I guess you're the engineer / engineers at Google who has / have discovered the vulnerability ... and you wrote about it first.
      You did a good job finding the bug and posting the patch.
      We apologize for informing people; next time we will not publish it. Yet we think it's good for people to know ....

      • … There is always someone on the net to throw mud at the one who works. Go ahead with the tutorials and do not listen to the "great geniuses of the internet"!

        • We cannot go on in these conditions; we close the shop tomorrow, since videotutorial.ro is a website responsible for many crimes.
          'I' is right, no more ci
          Sounds like hell 'I'm right'… That's right I'd be right, but I'm not, I'm right.

    • Constantin said

      You're such a smart "I say" sucker, you're the one who has smart people here who follow the tutorials of these moderators / administrators. There are also people with professional, high school, college who follow these video tutorials, as you can see from your post you do not have the 8 classes finished from the general school there in the province where you are from or on your vocabulary (from the country) and control your vocabulary a bit as if you were a little "smart".

    • Adrian Gudus said

      However, you come and watch us secretly. Why? We're not smart, right?

      • Constantin said

        Well done guys, "videotutorial.ro team", you do a very good job; do not take into account everything that some people post on your site. Could it be envy of the man who is successful in everything he does and for whom everything goes OK?
        I propose that these messages lacking common decency not be approved.
        Who reads this message that I leave him and agrees with me I suggest you communicate boys
        Let's campaign against the "AWAKENERS".
        If they agree to implement this suggestion not to accept this situation.

    • Costelina said

      1 NOT Cristi does not have anything to apologize
      if the EU were well-intentioned, it would not make all users "uninformed suckers"
      2 I say and I say whenever you say computer needs saying videotutorial.ro
      3 in the end what to steal from me after I do not know what site "bicycle horses"
      4 the subject has been in the media for at least 2 years, so what theft and copy-paste?
      5 Romanians, in 2014 in Romania there is ==== democracy; do we have the right to information or not?
      Adrian thanks

  7. Heartbleed test said

    even your site is vulnerable —- Uh-oh, something went wrong: You should check the http ”s” site

    Videotutorial.ro not store visitors' personal data.
    You have no login, you do not have passwords, users, identity data etc.
    When you visit videotutorial.ro you do it through 'http' not through 'https'.

    team videotutorial.ro

  8. Heartbleed test said

    I rectify the site, it's okay, I apologize — it seems that when you enter http before it gives you something and when you enter without http it gives you something else

  9. Hello
    Speaking of the tutorial on expanding the network with multiple routers, can I hope you will make a tutorial?

    • I will build a new network, and if you still need it I will share with you the experience I go through.
      I am now looking for the necessary equipment, and when I have it all I will make this tutorial.
      We will also have PoE (Power over Ethernet), a technology extremely useful for remote locations where there is no electrical grid.

  10. Thanks for everything. I do not know why the person above is so angry, and I look forward to the next tutorials you make.

  11. Hint tutorials Ubuntu.

  12. Congratulations el.Astazi tutorial and thanks for your tutorial because I decided to install my freedom Safety okay mea.Sunt few people who lose their precious time just to inform them and others about major security problems are `online 'and what risks they are exposed when using public Wi-Fi networks' passwords us.' respect!

  13. If we use LastPass, are we in danger?

  14. For three days my antivirus has been reporting that it stopped an attempted port scan. What does that mean? It happened again just tonight.

  15. I do not understand why you do not join, and give them a coment on videotutorial and as to be her job and I for I were directors not only would not but give Leas and spam, as another time to even take the other site
    As Haku inseammna vurnerabilitate topic.

  16. Michael Alexu said

    Hello videotutorial.ro! I would also like to make a tutorial about a program very easy to download music wherever, on any website, even on Trilulilu (especially even on that). Know that there are many going to Trilulilu Downloader tell me to use but I do not use that one for when I want to download exactly where I tell him I do not want, you really need to download where he says, I think he's nush has many minuses, and I know a PyMaxe the program is very good but unfortunately do not know what they had creeatorii with him lately I no longer find songs that I download before such old songs and bands Generic Azur (probably going to laugh but he that listening and that I need to download). If so how 3-4 days I could find 10 results with songs of theirs or more 10, no longer finds anything, I looked on the website and see that on trilulilu there are songs respective.Am check the options to download on all sites including Trilulilu.Imi like very much to that program as easily unload: I wrote the song, go and listen, and if I wanted them gave direct Download no longer need to copy and pasta there, that it was wet in the mouth, but now if they walked in the Pymaxe to him, not what to do, went very well, do not understand what II know trebuia.Daca May and Another program, at least as good and easy to use as Pymaxe please make UCL tutor him, that I downloaded it right from the Trilulilu.Numai well!

    • Adrian Gudus said

      Pymaxe is not to blame, nor Trilulilu Downloader. The fault is Trilulilu's; they do not agree with downloading videos / music, just as YouTube does not agree either.
      These sites frequently make updates, after which download software no longer works. Google removes Google Play Store extensions for Chrome that facilitate the download of videos from YouTube.

      • Michael Alexu said

        I understand, but the thing is that only those songs I found myself there, but it can este.Atunci if you could do a tutorial program that dumnevoastra download music or whatever, not necessarily the method that you use the program.

    • DanielJr said

      Freemake Video Downloader

  17. Adrian, can you help me find out how to calculate the W of the components in order to choose a source, and how many W to leave in reserve?
    Which models are the best sources?

    • Adrian Gudus said

      My colleague Cristi has already done it in another tutorial about the "source purchase guide" that you can find using the search box on the top right.

  18. Cristian Cismaru:
    I guess you're the engineer / engineers at Google who has / have discovered the vulnerability ... and you wrote about it first.
    You did a good job finding the bug and posting the patch.
    We apologize for informing people; next time we will not publish it. Yet we think it's good for people to know ....

    The best Notify us please!

  19. caezsar said

    With what to affect you… video tutorial…. You do not even use the https protocol!

  20. Nice tutorials. Congratulations! Keep up the good work!
    I have a message for teachers of computer science or whatever ICT macar.Cred pricks can still see that things like formatting a partition, partitioning a hard and more should be taught another class let a5a a6a or even at school. Many teachers in place to teach or let them sit on the net or play these ore.Sincer I think computer classes should be taken more seriously in schools now I want 2 months romanesti.Am heard a story from a post radio, did not want to give names that advertise as they do not know what town in Moldova were received 50 any computer with ubuntu on it, but stand and dust gets on them because nobody knows how to use SO honestly this is serious, very grav.Eu I finished high school bilingual pro a few years ago 6 to us at the computer, the kids and I will stay on the net and most of the time we leave home and everybody was 10.Serios this issue should be taken more seriously in Romanian schools

  21. claudiu said

    Where is the link?

  22. Anonymous said

    The link is the text that says access HeartBleed. Click HeartBleed.

  23. Popescu said

    Cristina watched the tutorial they apk samsung phone but it does not work, does not visualize player.
