Critical Bug in OpenSSL (Read 6114 times)
Administrator
Posts: 333
Joined: Sep 28th, 2000
Critical Bug in OpenSSL
Apr 8th, 2014 at 8:16am
A critical bug has been discovered in OpenSSL 1.0.1 through 1.0.1f (inclusive). AntiPolygraph.org is presently running OpenSSL 1.0.1e-fips. Thus, the vulnerability would allow an attacker to obtain our SSL private key and decrypt all intercepted traffic. You can read more about the so-called "heartbleed" bug here:

http://heartbleed.com/

We have requested that our Internet service provider upgrade to OpenSSL 1.0.1g as soon as possible. Once this has been done, we will revoke our SSL certificate and create a new one based upon a newly-generated SSL key.

Until then, you should assume that your interactions with this website are no more secure than if we were not using SSL encryption.
« Last Edit: Apr 8th, 2014 at 8:57am by Administrator »  

AntiPolygraph.org Administrator
Administrator
Re: Critical Bug in OpenSSL
Reply #1 - Apr 8th, 2014 at 8:57am
A web page has been set up to test websites for vulnerability to the heartbleed bug. As you'll note, AntiPolygraph.org is presently vulnerable:

http://filippo.io/Heartbleed/#antipolygraph.org:443
« Last Edit: Apr 8th, 2014 at 9:15am by Administrator »  

AntiPolygraph.org Administrator
Administrator
Heartbleed Vulnerability Fixed on AntiPolygraph.org
Reply #2 - Apr 12th, 2014 at 10:00am
The following measures have been taken to eliminate the Heartbleed vulnerability on AntiPolygraph.org:

1) Our web hosting provider, OrangeWebsite.com, upgraded OpenSSL on our server to a version that lacks the Heartbleed vulnerability;

2) Our web hosting provider installed a new SSL certificate based on a new private key;

3) After this was done the administrator password for AntiPolygraph.org was changed, a new private key was generated, and a new SSL certificate was issued.

As a precaution, it would be prudent for registered users of this message board to change their passwords.
  

AntiPolygraph.org Administrator
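
As an added example (not part of the original posts, and not AntiPolygraph.org's or the OpenSSL project's code), the following Python code classifies `openssl version` banners against the affected range stated in the first post, 1.0.1 through 1.0.1f inclusive, including suffixed builds such as 1.0.1e-fips. The host names and the inventory are constructed sample data, and the function names are hypothetical.

```python
import re

# Matches the upstream version number, e.g. "1.0.1e" in "OpenSSL 1.0.1e-fips 11 Feb 2013".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(banner):
    """Return (major, minor, fix, letters) parsed from an `openssl version` banner.

    Suffixes such as "-fips" and the build date are ignored.
    """
    m = _VERSION_RE.search(banner)
    if m is None:
        raise ValueError("no OpenSSL version number in %r" % (banner,))
    major, minor, fix, letters = m.groups()
    return int(major), int(minor), int(fix), letters


def in_affected_range(banner):
    """True if the banner falls in 1.0.1 through 1.0.1f inclusive (range from the post)."""
    major, minor, fix, letters = parse_openssl_version(banner)
    if (major, minor, fix) != (1, 0, 1):
        return False
    # "" is the initial 1.0.1 release; single letters a..f follow it; g is the fix.
    return letters == "" or (len(letters) == 1 and letters <= "f")


def hosts_to_remediate(inventory):
    """Return sorted host names whose banner is in the affected range.

    A match means upgrade first, then generate a new key and certificate.
    Caveat: distributors may backport fixes without changing the upstream
    version string, so confirm a match against the vendor's advisory.
    """
    return sorted(h for h, b in inventory.items() if in_affected_range(b))


# Constructed sample inventory (hypothetical host names, illustrative banners).
SAMPLE_INVENTORY = {
    "www.example.test": "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "mail.example.test": "OpenSSL 1.0.1g 7 Apr 2014",
    "old.example.test": "OpenSSL 0.9.8y 5 Feb 2013",
    "dev.example.test": "OpenSSL 1.0.1 14 Mar 2012",
}

if __name__ == "__main__":
    for host in hosts_to_remediate(SAMPLE_INVENTORY):
        print(host, "->", SAMPLE_INVENTORY[host])
```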