Advertise on Bikeforums.net



User Tag List

Results 1 to 3 of 3

Thread: Heartbleed

  1. #1
    Senior Member
    Join Date
    Apr 2009
    My Bikes
    Forest Green Dahon Boardwalk
    Posts
    181
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Heartbleed

    Heartbleed may or may not be a big issue on here, but this is what Chromebleed reports:

    "Use caution, www.bikeforums.net had error[diial tcp 98.195.199:443: connection refused]"

    Maybe it's because I'm not a paid member, but I thought I'd mention(and now it won't eat at me).

  2. #2
    Administrator CbadRider's Avatar
    Join Date
    Sep 2008
    Location
    On the bridge with Picard
    My Bikes
    Specialized Allez, Specialized Sirrus
    Posts
    5,730
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks, I have reported this to Internet Brands.
    Quote Originally Posted by toddles View Post
    So Tom only hires people that are nutty? Is part of the requirement to be a moderator on this site is that you have to be nuts??
    Forum Guidelines *click here*

  3. #3
    The Site Administrator: Currently at home recovering from a couple of strokes,please contact my assistnt admins for forum issues Tom Stormcrowe's Avatar
    Join Date
    Mar 2006
    Location
    South Florida
    My Bikes
    Techna Wheelchair and a Sun EZ 3 Recumbent Trike
    Posts
    16,012
    Mentioned
    10 Post(s)
    Tagged
    4 Thread(s)
    Near as I can tell, Heartbleed only affects OpenSSL encryption and the forums do not use this. Linux Users do need to be aware that their OS is vulnerable (Debian, SUSE, Ubuntu, Red Hat, et al), since their encryption is driven by OpenSSL

    Quote Originally Posted by heartbleed bug information site

    Heartbleed BugWhat versions of the OpenSSL are affected?

    Status of different versions:

    • OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
    • OpenSSL 1.0.1g is NOT vulnerable
    • OpenSSL 1.0.0 branch is NOT vulnerable
    • OpenSSL 0.9.8 branch is NOT vulnerable

    Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.
    How common are the vulnerable OpenSSL versions?

    The vulnerable versions have been out there for over two years now and they have been rapidly adopted by modern operating systems. A major contributing factor has been that TLS versions 1.1 and 1.2 came available with the first vulnerable OpenSSL version (1.0.1) and security community has been pushing the TLS 1.2 due to earlier attacks against TLS (such as the BEAST).
    How about operating systems?

    Some operating system distributions that have shipped with potentially vulnerable OpenSSL version:

    • Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
    • Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
    • CentOS 6.5, OpenSSL 1.0.1e-15
    • Fedora 18, OpenSSL 1.0.1e-4
    • OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012)
    • FreeBSD 10.0 - OpenSSL 1.0.1e 11 Feb 2013
    • NetBSD 5.0.2 (OpenSSL 1.0.1e)
    • OpenSUSE 12.2 (OpenSSL 1.0.1c)

    Operating system distribution with versions that are not vulnerable:

    • Debian Squeeze (oldstable), OpenSSL 0.9.8o-4squeeze14
    • SUSE Linux Enterprise Server
    • FreeBSD 8.4 - OpenSSL 0.9.8y 5 Feb 2013
    • FreeBSD 9.2 - OpenSSL 0.9.8y 5 Feb 2013
    • FreeBSD 10.0p1 - OpenSSL 1.0.1g (At 8 Apr 18:27:46 2014 UTC)
    • FreeBSD Ports - OpenSSL 1.0.1g (At 7 Apr 21:46:40 2014 UTC)
    on light duty due to illness; please contact my assistants for forum issues. They are Siu Blue Wind, or CbadRider or the other 3 star folk. I am currently at home recovering from a couple of strokes. I am making good progress, happily.


    . “He who fights with monsters might take care lest he thereby become a monster. And if you gaze for long into an abyss, the abyss gazes also into you.”- Fredrick Nietzsche

    "We can judge the heart of a man by his treatment of animals." - Immanuel Kant

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •