Advertise on

User Tag List

Results 1 to 3 of 3

Thread: Heartbleed

  1. #1
    Senior Member
    Join Date
    Apr 2009
    My Bikes
    Forest Green Dahon Boardwalk
    0 Post(s)
    0 Thread(s)


    Heartbleed may or may not be a big issue on here, but this is what Chromebleed reports:

    "Use caution, had error[diial tcp 98.195.199:443: connection refused]"

    Maybe it's because I'm not a paid member, but I thought I'd mention(and now it won't eat at me).

  2. #2
    Administrator CbadRider's Avatar
    Join Date
    Sep 2008
    On the bridge with Picard
    My Bikes
    Specialized Allez, Specialized Sirrus
    0 Post(s)
    0 Thread(s)
    Thanks, I have reported this to Internet Brands.
    Quote Originally Posted by Xerum 525 View Post
    Now get on your cheap bike and give me a double century. You walking can of Crisco!!

    Forum Guidelines *click here*

  3. #3
    Out fishing with Annie on his lap, a cigar in one hand and a ginger ale in the other, watching the sunset. Tom Stormcrowe's Avatar
    Join Date
    Mar 2006
    South Florida
    My Bikes
    Techna Wheelchair and a Sun EZ 3 Recumbent Trike
    12 Post(s)
    4 Thread(s)
    Near as I can tell, Heartbleed only affects OpenSSL encryption and the forums do not use this. Linux Users do need to be aware that their OS is vulnerable (Debian, SUSE, Ubuntu, Red Hat, et al), since their encryption is driven by OpenSSL

    Quote Originally Posted by heartbleed bug information site

    Heartbleed BugWhat versions of the OpenSSL are affected?

    Status of different versions:

    • OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
    • OpenSSL 1.0.1g is NOT vulnerable
    • OpenSSL 1.0.0 branch is NOT vulnerable
    • OpenSSL 0.9.8 branch is NOT vulnerable

    Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.
    How common are the vulnerable OpenSSL versions?

    The vulnerable versions have been out there for over two years now and they have been rapidly adopted by modern operating systems. A major contributing factor has been that TLS versions 1.1 and 1.2 came available with the first vulnerable OpenSSL version (1.0.1) and security community has been pushing the TLS 1.2 due to earlier attacks against TLS (such as the BEAST).
    How about operating systems?

    Some operating system distributions that have shipped with potentially vulnerable OpenSSL version:

    • Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
    • Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
    • CentOS 6.5, OpenSSL 1.0.1e-15
    • Fedora 18, OpenSSL 1.0.1e-4
    • OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012)
    • FreeBSD 10.0 - OpenSSL 1.0.1e 11 Feb 2013
    • NetBSD 5.0.2 (OpenSSL 1.0.1e)
    • OpenSUSE 12.2 (OpenSSL 1.0.1c)

    Operating system distribution with versions that are not vulnerable:

    • Debian Squeeze (oldstable), OpenSSL 0.9.8o-4squeeze14
    • SUSE Linux Enterprise Server
    • FreeBSD 8.4 - OpenSSL 0.9.8y 5 Feb 2013
    • FreeBSD 9.2 - OpenSSL 0.9.8y 5 Feb 2013
    • FreeBSD 10.0p1 - OpenSSL 1.0.1g (At 8 Apr 18:27:46 2014 UTC)
    • FreeBSD Ports - OpenSSL 1.0.1g (At 7 Apr 21:46:40 2014 UTC)
    . “He who fights with monsters might take care lest he thereby become a monster. And if you gaze for long into an abyss, the abyss gazes also into you.”- Fredrick Nietzsche

    "We can judge the heart of a man by his treatment of animals." - Immanuel Kant

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts