Tuesday, September 23, 2014

Vulnerability in OpenSSL, which was revealed a week ago, has created


IT MARKET
The vulnerability in OpenSSL that was revealed a week ago has triggered a real flood of publications, not only in the IT press but also in the popular press. Unfortunately, the error is non-trivial, so in trying to simplify it and convey to the man in the street what happened, the media piled up dangerous nonsense, which then boomeranged back into the computing community. Since the problem is still not resolved, some clarification is needed. Let's ask the most important questions and try to give simple, truthful answers.
And the first question, of course, is this: how dangerous, really, is the bug called Heartbleed? Bruce Schneier, a recognized expert in cryptography and usually a very cautious man, wrote the following: on a scale of 1 to 10, this is an 11. A catastrophic mistake.
The second question: what exactly is the problem? The OpenSSL library provides a set of functions that implement the cryptographic protocols SSL and TLS (which are virtually the same). They help hide data transmitted over an Internet connection from prying eyes. For example, whenever HTTPS lights up in the browser's address bar, it means that your connection to the web server is protected by SSL/TLS.
It is important to understand that OpenSSL is not the only library that implements SSL/TLS, but it is the most popular. It is developed under a free license, so the majority of web servers use it. It is also important that not all versions of OpenSSL are affected by Heartbleed: only about half a million servers run the vulnerable library versions 1.0.1 and 1.0.2beta, whereas earlier and later versions do not contain the error.
The essence of the problem is that the server does not check the correctness of certain requests from clients. Once connected, the client (not the person, of course, but the software) periodically contacts the server to confirm that the connection is not broken (this function is called heartbeat). In response, the server should return a small amount of data, and how much is determined by the client.
So, if a client asks for more data than it sent, a defective OpenSSL will still satisfy the request and send it a piece of memory up to 64 kilobytes long (hence the name of the error: heartbleed, a "bleeding heart"). That piece may, of course, contain information that has nothing to do with the client: for example, the logins and passwords of users who recently connected to the server, and the secret keys that the server uses to encrypt connections.
When contacting the server, the client asks it to return a response of a certain length. But because of the error, the server does not notice that, even though the request consists of only three characters, it is being asked to return much more ...
Hence question and answer number three: what makes Heartbleed dangerous? With this information in hand, an attacker is able, in particular, to eavesdrop on other people's sessions with the server and to look into other people's accounts. Since many Internet users use the same password on multiple sites, and multifactor authentication is still unpopular (i.e., in most cases knowing the login and password is enough to get into a restricted area), the stolen user information can also be tried on other web resources.
However, the problem is broader: the same error is found in routers and firewalls, and in IP telephony. No one knows the full scale of the disaster, because OpenSSL runs not only on servers but also on client devices, and can also be built into applications. For example, Google has confirmed that Android OS 4.1.1 ("millions of units") is affected by the error. How attackers can use it is not clear, but it is obvious that an attack would have to be aimed at the smartphone itself or at specific applications on it.
Which brings us to the fourth question: is the hole already being used against ordinary Internet users? And here uncertainty appears for the first time. Up until last weekend the optimists dominated: it was thought that the practical danger of Heartbleed was overblown and that taking advantage of it "in the field" was extremely difficult, if possible at all. However, after Cloudflare (the very same) announced an open competition to hack its server and it was hacked four times, one after another, using only Heartbleed (the first, by the way, was our compatriot Fedor Indutny), the pessimistic version prevailed. The weekend also brought reports that the first real attacks against web services exposed to the error had been recorded (lists of Internet sites whose owners did not bother to update OpenSSL are circulating on the web). Experts are now waiting for automated tools for exploiting Heartbleed to appear, after which, it is thought, the victims will number in the millions.
So the question is, did a Hea
