AntiPolygraph.org Message Board - Critical Bug in OpenSSL

(UTC)

Welcome, Guest. Please Login or Register

You can enhance your privacy when browsing and posting to this forum by using the free and open source Tor Browser and posting as a guest (using a fake e-mail address such as nobody@nowhere.com) or registering with a free, anonymous ProtonMail e-mail account. Registered users can exchange private messages with other registered users and receive notifications.

In addition, check out our live chat server.

AntiPolygraph.org Message Board › Polygraph and CVSA Forums › Action Alerts and Announcements › Critical Bug in OpenSSL

(Moderator: Administrator)

‹ Previous Topic | Next Topic ›

Pages: 1

Add Poll

Send Topic

Critical Bug in OpenSSL (Read 6464 times)

Administrator Administrator Offline Posts: 343 Joined: Sep 28^th, 2000	Critical Bug in OpenSSL Apr 8^th, 2014 at 8:16am	Mark & Quote Quote Print Post
	A critical bug has been discovered in OpenSSL 1.0.1 through 1.0.1f (inclusive). AntiPolygraph.org is presently running OpenSSL 1.0.1e-fips. Thus, the vulnerability would allow an attacker to obtain our SSL private key and decrypt all intercepted traffic. You can read more about the so-called "heartbleed" bug here: http://heartbleed.com/ We have requested that our Internet service provider upgade to OpenSSL 1.0.1g as soon as possible. Once this has been done, we will revoke our SSL certificate and create a new one based upon a newly-generated SSL key. Until then, you should assume that your interactions with this website are no more secure than if we were not using SSL encryption.
	« Last Edit: Apr 8^th, 2014 at 8:57am by Administrator »
	AntiPolygraph.org Administrator
	Facebook Twitter YouTube IP Logged

Administrator Administrator Offline Posts: 343 Joined: Sep 28^th, 2000	Re: Critical Bug in OpenSSL Reply #1 - Apr 8^th, 2014 at 8:57am	Mark & Quote Quote Print Post
	A web page has been set up to test websites for vulnerability to the heartbleed bug. As you'll note, AntiPolygraph.org is presently vulnerable: http://filippo.io/Heartbleed/#antipolygraph.org:443
	« Last Edit: Apr 8^th, 2014 at 9:15am by Administrator »
	AntiPolygraph.org Administrator
	Facebook Twitter YouTube IP Logged

Administrator Administrator Offline Posts: 343 Joined: Sep 28^th, 2000	Heartbleed Vulnerability Fixed on AntiPolygraph.org Reply #2 - Apr 12^th, 2014 at 10:00am	Mark & Quote Quote Print Post
	The following measures have been taken to eliminate the Heartbleed vulnerability on AntiPolygraph.org: 1) Our web hosting provider, OrangeWebsite.com, upgraded OpenSSL on our server to a version that lacks the Heartbleed vulnerability; 2) Our web hosting provider installed a new SSL certificate based on a new private key; 3) After this was done the administrator password for AntiPolygraph.org was changed, a new private key was generated, and a new SSL certificate was issued. As a precaution, it would be prudent for registered users of this message board to change their passwords.

	AntiPolygraph.org Administrator
	Facebook Twitter YouTube IP Logged

Pages: 1

Add Poll

Send Topic

‹ Previous Topic | Next Topic ›

Critical Bug in OpenSSL

Name:
E-mail:
Your Verification Code is:	Please type the characters that appear in the image. The characters must be typed in the same order, and they are case-sensitive.
Verification Code:
Preview

Message Icon:

Subject:

Message:
You can resize the textbox by dragging the right or bottom border.

Max 200000 characters. Remaining characters:

Text size: pt

More Smilies

View All Smilies

Collapse/Expand additional features

Attachments More Attachments

Allowed file types: txt doc docx ics psd pdf bmp jpe jpg jpeg gif png swf zip rar tar gz 7z odt ods mp3 mp4 wav avi mov 3gp html maff pgp gpg
Maximum Attachment size: 500000 KB

Attachment 1:

Attachment 2:

Attachment 3:

Attachment 4:

Attachment 5:

Attachment 6:

Attachment 7:

Attachment 8:

Attachment 9:

Attachment 10:

Disable UBBC and Smilies:

Check this if you wish to disable parsing of ubbc tags and smilies.