Heartbleed, the most dangerous vulnerability, affects us directly

Hello friends, in today's tutorial we will talk about security, more precisely about the vulnerability found in OpenSSL, which servers use to protect the information users enter when logging in to a site or web service. The vulnerability, called "Heartbleed", appeared with the introduction of a "heartbeat" function, a function that keeps an authenticated session with a site alive.
What exactly is the Heartbleed vulnerability?
Well, an attacker wishing to exploit this vulnerability can capture everything that is in the server's RAM. If the attack takes place while some users have active login sessions, or are logging in to that site at that very moment, the sessions and keys in RAM at that moment could be captured, and the attacker could thus obtain sensitive information: username, password or other information entered during the session. The captured information could be used later.
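The length check that closes Heartbleed, as an added example (not code from this tutorial or from OpenSSL): a heartbeat request carries a payload length chosen by the sender, and the flaw was that the server echoed back that many bytes without comparing the length to what it had actually received. The function name hb_respond, the constants and the sample records are assumptions made for this example; the message layout follows the TLS heartbeat extension (RFC 6520).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1   /* heartbeat_request message type */
#define HB_RESPONSE 2   /* heartbeat_response message type */
#define HB_HEADER   3   /* 1 byte type + 2 bytes payload_length */
#define HB_PADDING  16  /* minimum padding after the payload */

/* Build the reply to the heartbeat request in rec[0..rec_len).
 * Returns the reply length, or 0 when the request must be silently dropped. */
size_t hb_respond(const uint8_t *rec, size_t rec_len,
                  uint8_t *out, size_t out_cap)
{
    size_t claimed, resp_len;
    /* Too short to hold even an empty heartbeat message, or not a request. */
    if (rec_len < HB_HEADER + HB_PADDING || rec[0] != HB_REQUEST)
        return 0;

    /* payload_length is chosen by the sender (big-endian, 16 bits). */
    claimed = ((size_t)rec[1] << 8) | rec[2];

    /* The check Heartbleed lacked: the claimed payload, plus header and
     * padding, must fit inside the bytes that were actually received. */
    if (claimed > rec_len - HB_HEADER - HB_PADDING)
        return 0;

    resp_len = HB_HEADER + claimed + HB_PADDING;
    if (resp_len > out_cap)
        return 0;

    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed);  /* echo the payload */
    memset(out + HB_HEADER + claimed, 0, HB_PADDING);   /* real stacks use random padding */
    return resp_len;
}

int main(void)
{
    /* Constructed samples: honest 5-byte payload; 19-byte record claiming 0x4000. */
    uint8_t ok[24] = {HB_REQUEST, 0, 5, 'h', 'e', 'l', 'l', 'o'};
    uint8_t bad[19] = {HB_REQUEST, 0x40, 0x00};
    uint8_t out[64];
    printf("honest: %zu bytes\n", hb_respond(ok, sizeof ok, out, sizeof out));
    printf("over-claimed: %zu bytes\n", hb_respond(bad, sizeof bad, out, sizeof out));
}
```

A request whose length field is larger than the record that carried it gets no reply at all, so nothing beyond the sender's own bytes is ever copied into the response.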
Many sites in Romania are still affected by this vulnerability, among them well-known ones and a tracker that I will not name.
Plenty of companies do not use OpenSSL, but many reputable websites and social platforms, such as Facebook, Twitter, Flickr, Tumblr, Pinterest, Yahoo, Google and Dropbox, do use OpenSSL.
Fortunately, many companies and web services have already patched the vulnerability found in OpenSSL. It seems that Google discovered Heartbleed and has already patched it. As you probably know, Google plays an important role in the open source community, and it has often stepped in to help open source software, which Google relies on heavily because it is the basis of most of its software and services.
How do we protect ourselves against the Heartbleed vulnerability?
As an ordinary user you cannot do very much. A firewall and an antivirus do not help in this case, because the attacker targets the server (the website), to which we have no access, and not our PC.
- it is recommended not to use the same password for all accounts, and to use passwords that are as complex as possible, containing letters, numbers, signs and spaces.
- avoid frequent authentications (several times in a short time)
- do not use public networks and do not authenticate from them. If you still have to, use a VPN, which we covered in the tutorial "Freedom Okay, pay online and browsing safely"
- do not make online payments or fund transfers during this period
- use the Heartbleed test to check whether the website you want to visit is still vulnerable or not.
In the end, Heartbleed is the biggest vulnerability in Internet history. On a scale of 1 to 10, security professionals give Heartbleed a risk rating of 10+, very high.
Luckily, our website is not affected. Just a few days ago I received an update from WordPress that patched this vulnerability. Users of our site can stay calm about it, because our website does not require authentication and does not ask for sensitive information; you do not need an account to watch our tutorials.


Adrian: Hungry for information and knowledge, I like everything related to the technical field and I share my knowledge with great pleasure. Those who give themselves to others will lose themselves but usefully, leaving something useful to others. Enjoying this privilege, I will never say "I don't know", but "I don't know yet"!

View Comments (42)

  • In this case, the use of complex passwords with uppercase, lowercase, numbers and other signs is useless, just like in the case of a keylogger that you would have on your PC, because absolutely all the keys pressed are intercepted ... so ...
    Thanks for the tutorials, which I follow all the time, but lately they are a bit rare ...

  • You are not right when you say "not to change our password unless we have received an email". !!!!
    Change passwords regularly, once every 2-3 months.

    • You misunderstood my tutorial, and you misunderstood how an attacker can get the information. If you had been a little more careful and had read the text above the tutorial, you would have understood (and you probably heard it) when I said it is not recommended to change the password during this period (1-2 weeks).
      It is likely that on the site you log in to today or tomorrow, the vulnerability still exists. If during this time the attacker takes advantage of it and captures that server's memory, he could get hold of the username and password because, you see, your session is in the server's memory, just when you think you are doing a great deed by changing your password. If at that moment (when you change the password) the attacker captures the memory, he will get not only the old password but also the new password, along with the sessions active at the time.
      It was easier to say you did not understand the tutorial than to correct me wrongly.
      Next time be more careful

  • I propose to continue the tutorials about surveillance cameras, DVDs, nrvs ... settings ... to make surveillance networks at home or at companies alone. These would really be interesting to carry to the end.
    Thank you for this tutorial. I knew that even if encrypted data is intercepted from the server, there is little to be done with it. Decryption lasts forever. I do not think anyone is really crazy enough to spend 1, 2 weeks, maybe more, to discover a user's password.

    • There is an infection, a virus. It is a bug, a flaw. As I said in the text above the tutorial, antivirus and firewall do not help you as a user with this vulnerability.

      • Hello, I really need your help with some advice. For about 2 months, after sometimes 5 minutes and sometimes 20 minutes, I can no longer surf the net. By default I go into my mail, and in my left corner a message appears: "establishing secure connection ...". And a window that says: "ERROR CODE: ERR-EMPTY-RESPONDE". To enter some sites I have to deactivate the antivirus. In order to get on the net, I have to shut down the computer and restart it. I mention that I have Win 7 Home, Avast antivirus and the Chrome browser. With special respect, Stefan

  • I got this system, motherboard: https://www.asus.com/Motherboards/M2NE/, processor: AMD Phenom II X4 940
    http://www.pcgarage.ro/procesoare/amd/phenom-ii-x4-940-black-edition-300-ghz-skt-am2-plus-box/
    GM 4 2 800 MHz DDR RAM, integrated w 45 source.
    And I would like to buy this video card:http://www.emag.ro/placa-video-msi-amd-radeon-r7-250-oc-1024mb-gddr5-128bit-hdmi-dvi-vga-propeller-blade-technology-r7-250-1gd5-oc/pd/D387JBBBM/ and I 1.0 slot video card is what capacity will go 3.0 video card and power supply if needed.

  • You guys from the videotutorial, you're good to best copy-paste to steal items from others sites.
    You get smart when you're not and you want to look like a genius in the eyes of uninformed suckers who put their noses.
    You have reached pathetic!

    • I guess you're the Google engineer (s) who discovered the vulnerability ... and you first wrote about it.
      You / You did a good job with finding the bug and post patch.
      We apologize for informing our visitors, we will not publish such a thing next time. However, we thought it was good for the world to know ....

      • ..... always find a net to throw mud at the one who works, go ahead with the tutorials and do not pay attention to the "great geniuses of the internet"!

        • We cannot go forward in these conditions, we close the shop tomorrow, that videotutorial.ro, the website responsible for many crimes.
          'I' is right, no more ...
          Sounds like hell, I'm right ... It would have been correct, I was right, but I'm not, I'm right.

    • You're such a smart "I say" sucker, you're the one who has smart people following the tutorials of these moderators / administrators. There are also people with professional, high school, college who follow these video tutorials, as you can see from your post you do not have the 8 classes finished from the general school there in the province where you are from or on your vocabulary (from the country) and control your vocabulary a bit as if you were a little "smart".

      • Well done guys "videotutorial.ro team" you do a very good job do not consider everything that some people post on your site. Could it be the envy of the man who is successful in everything he does and everything goes ok?
        I propose that these messages without common sense not be approved.
        Who reads this message that I leave him and agrees with me I suggest you communicate boys
        Let's campaign against the "AWAKENERS".
        If they agree to implement this suggestion not to accept this situation.

    • 1 NO Cristi you have no reason to apologize
      if Mr. EU were well-intentioned he would not make all users "uninformed suckers"
      2 I said and I will say whenever it is needed when you say computer you say videotutorial.ro
      3 in the end what to steal from me after I do not know what site "bicycle horses"
      4 the subject has been in the media for at least 2 years, so what theft and copy-paste?
      5 Romanians, in 2014 in Romania there is democracy; do we have the right to information or not?
      Adrian thanks

  • even your site is vulnerable ---- Uh-oh, something went wrong: You should check the http "s" site

    Videotutorial.ro does not store visitors' personal data.
    You have no login, you have no passwords, user, identity data etc.
    When you visit videotutorial.ro you do it through 'http' not through 'https'.

    team videotutorial.ro

  • rectify the site is ok I apologize --- it seems that when you enter http before it gives you something and when you enter without http it gives you something else

    • I will make a new network, and if you still have to do I will share with you the experience that will pass.
      Now look for the necessary equipment and when I will have it all going to do this tutorial.
      We also have a PoE (Power over Ethernet) technology extremely useful for remote locations where there is no electrical grid.

  • Thanks us anything, I do not know why the person above is so angry, and I look forward to following the tutorials that you've done.

    • He probably has exclusivity for all the topics in the world ever and we "stole" one of these topics.
      We are waiting for the quote ...
