New Computer Virus
- joe27
-
joe27
- Member since: Sep. 8, 2012
- Offline.
-
- Forum Stats
- Member
- Level 14
- Gamer
It has come to my attention that there is a new virus on the web.
I would advise everyone to help curb the effects of the virus, to alter your password.
Plus, it can't hurt to change it once in a while.
valhalla i am coming
- Zachary
-
Zachary
- Member since: Aug. 11, 2006
- Offline.
-
- Forum Stats
- Moderator
- Level 30
- Melancholy
Are you talking about heartbleed? If you are, that is a bug not a virus. Also, I am sure a bunch of new viruses are created every day. That is why anti-viruses have to keep updating to keep up with the latest ones.
- Zachary
-
Zachary
- Member since: Aug. 11, 2006
- Offline.
-
- Forum Stats
- Moderator
- Level 30
- Melancholy
At 4/9/14 08:38 PM, Decimating wrote:At 4/9/14 08:35 PM, Zachary wrote: Are you talking about heartbleed? If you are, that is a bug not a virus. Also, I am sure a bunch of new viruses are created every day. That is why anti-viruses have to keep updating to keep up with the latest ones.Hreatbleed? What bug is this?
Basically, there is a security bug in openSSL. It can be fixed pretty easily actually.
- Timmy
-
Timmy
- Member since: Jan. 12, 2005
- Offline.
-
- Send Private Message
- Browse All Posts (10,580)
- Block
-
- Forum Stats
- Moderator
- Level 36
- Art Lover
At 4/9/14 08:41 PM, Zachary wrote:At 4/9/14 08:38 PM, Decimating wrote: Hreatbleed? What bug is this?Basically, there is a security bug in openSSL. It can be fixed pretty easily actually.
http://techcrunch.com/2014/04/07/massive-security-bug-in-openssl-could-effect-a-huge-chunk-of-the-internet/
You nuts?! I'm not clicking that link!
- Entice
-
Entice
- Member since: Jun. 30, 2008
- Offline.
-
- Send Private Message
- Browse All Posts (16,716)
- Block
-
- Forum Stats
- Member
- Level 13
- Blank Slate
I already use different passwords for everything and they're mostly random words and numbers so I think I'm good
- UndeadFighter
-
UndeadFighter
- Member since: Sep. 27, 2013
- Offline.
-
- Forum Stats
- Member
- Level 14
- Gamer
Stupid Virus. They all think they can do whatever they want.
RDR FOR LIFE
- Zachary
-
Zachary
- Member since: Aug. 11, 2006
- Offline.
-
- Forum Stats
- Moderator
- Level 30
- Melancholy
At 4/9/14 08:58 PM, Entice wrote: I already use different passwords for everything and they're mostly random words and numbers so I think I'm good
The problem is the bug exposes the encryption used on the servers that hosts your information. So if someone uses the exploit then they will be able to get your login information on that website.
- Entice
-
Entice
- Member since: Jun. 30, 2008
- Offline.
-
- Send Private Message
- Browse All Posts (16,716)
- Block
-
- Forum Stats
- Member
- Level 13
- Blank Slate
At 4/9/14 09:11 PM, Zachary wrote: The problem is the bug exposes the encryption used on the servers that hosts your information. So if someone uses the exploit then they will be able to get your login information on that website.
Yeh, I read that afterwards.
Was reading a conversation on FB and someone recommended changing your password to defeat the virus, silly me just assumed they were right
- JRob
-
JRob
- Member since: Nov. 10, 2011
- Offline.
-
- Forum Stats
- Member
- Level 12
- Musician
At 4/9/14 08:54 PM, Timmy wrote:At 4/9/14 08:41 PM, Zachary wrote: http://techcrunch.com/2014/04/07/massive-security-bug-in-openssl-could-effect-a-huge-chunk-of-the-internet/You nuts?! I'm not clicking that link!
You forgot to add the image
4:08 PM - Detective Prince: why does it matter HOW MANY of a thing you've watched
4:09 PM - Nor // [Loli]: Anime is a fucking sport
- KatMaestro
-
KatMaestro
- Member since: Dec. 9, 2012
- Offline.
-
- Forum Stats
- Supporter
- Level 10
- Blank Slate
Oi, to those of you who's wondering about Heartbleed, there is the website for it.
ELI2 for all of you:
my time to rise... as a hacker
All SSL/TLS certificate use allocator to cache information. Why it is called as "heartbleed", because its core/heart extension RFC6520, a mitigation countermeasure, used to exploit memory/cached content of both server and client (and no this is not MiTM). Frankly, this is server-side bug.
What CVE-2014-0160 can cause are:
- Total kaput of data. This is obvious.
- Stolen private key = forged cert
- Memory corruption = server crash (a way of DoS)
- KatMaestro
-
KatMaestro
- Member since: Dec. 9, 2012
- Offline.
-
- Forum Stats
- Supporter
- Level 10
- Blank Slate
This is NOT THE FIRST TIME TLS/SSL get fucked. In 2012, there are CRIME and BEAST attack which used to exploit the vuln.
For those of you who has OS which use OpenSSL. Read this
If you interested in this, follow this in /r/programming, this in /r/netsec.
For those who wants informative stuff, Theo de Raadt has this (I fucking hate his Comic Sans)
It has been the pain in the ass for the last 6 hours for me at work to set up IPS and IDS just to combat this shit (at yet I still surf NG...). News agent said even Canada Revenue Agency website temporary shut down their service because of this bug.
Expect Snowden to leak shit related to this soon...
- DjGubkafish
-
DjGubkafish
- Member since: Dec. 11, 2013
- Offline.
-
- Forum Stats
- Member
- Level 11
- Blank Slate
At 4/9/14 08:32 PM, joe27 wrote: It has come to my attention that there is a new virus on the web.
I would advise everyone to help curb the effects of the virus, to alter your password.
Plus, it can't hurt to change it once in a while.
there is a virus on the web . shoker
- KatMaestro
-
KatMaestro
- Member since: Dec. 9, 2012
- Offline.
-
- Forum Stats
- Supporter
- Level 10
- Blank Slate
At 4/9/14 08:32 PM, joe27 wrote: It has come to my attention that there is a new virus on the web.
A guy from my office today talked about what if some Russian hacker already exploited it and put in their exploit pack, like what price they would sell it for... I guess this is a golden 0-day.
I would advise everyone to help curb the effects of the virus, to alter your password.
Lol... lol... lmao. Nope. You can do that for one thousand times and still get haxed...
Plus, it can't hurt to change it once in a while.
If this becomes the new SQL-injection-like trend in InfoSec world, I would die from rage...
- Zachary
-
Zachary
- Member since: Aug. 11, 2006
- Offline.
-
- Forum Stats
- Moderator
- Level 30
- Melancholy
At 4/9/14 11:43 PM, Elitistinen wrote: Lol... lol... lmao. Nope. You can do that for one thousand times and still get haxed...
After the website updates their openSSL, it should be safe to change your information.
- KatMaestro
-
KatMaestro
- Member since: Dec. 9, 2012
- Offline.
-
- Forum Stats
- Supporter
- Level 10
- Blank Slate
At 4/9/14 11:48 PM, Zachary wrote:At 4/9/14 11:43 PM, Elitistinen wrote: Lol... lol... lmao. Nope. You can do that for one thousand times and still get haxed...After the website updates their openSSL, it should be safe to change your information.
It would take a while. And who know which new bug the fix might cause.
- Zachary
-
Zachary
- Member since: Aug. 11, 2006
- Offline.
-
- Forum Stats
- Moderator
- Level 30
- Melancholy
At 4/9/14 11:54 PM, Elitistinen wrote:At 4/9/14 11:48 PM, Zachary wrote:It would take a while. And who know which new bug the fix might cause.At 4/9/14 11:43 PM, Elitistinen wrote: Lol... lol... lmao. Nope. You can do that for one thousand times and still get haxed...After the website updates their openSSL, it should be safe to change your information.
http://threatpost.com/openssl-fixes-tls-vulnerability/105300
The benefit of open-source, it is already fixed :)
- Xenomit
-
Xenomit
- Member since: Jul. 13, 2010
- Offline.
-
- Send Private Message
- Browse All Posts (18,203)
- Block
-
- Forum Stats
- Member
- Level 12
- Audiophile
- KatMaestro
-
KatMaestro
- Member since: Dec. 9, 2012
- Offline.
-
- Forum Stats
- Supporter
- Level 10
- Blank Slate
National Suck Asses (NSA) knew about this bug. Oops.
- PotHeadParadise
-
PotHeadParadise
- Member since: Feb. 26, 2013
- Offline.
-
- Forum Stats
- Member
- Level 01
- Blank Slate
How many times do people have to say this? ITS A BUG. Not a virus.
Smoke. Sleep. Life. "Inhale the good shit exhale the bullshit" - Your peaceful dude PotHeadParadise
Peace And Love For A Better World
- joe27
-
joe27
- Member since: Sep. 8, 2012
- Offline.
-
- Forum Stats
- Member
- Level 14
- Gamer
At 4/11/14 10:28 PM, PotHeadParadise wrote: How many times do people have to say this? ITS A BUG. Not a virus.
Yeah sorry incorrect terminology.
valhalla i am coming
- Captain-Slugworth
-
Captain-Slugworth
- Member since: Nov. 28, 2012
- Offline.
-
- Forum Stats
- Member
- Level 12
- Movie Buff
Late Night Lounge--
I just wanted to leave, you know, my apartment. Maybe meet a nice girl. And now I’ve got to die for it!
- Bit
-
Bit
- Member since: Jun. 23, 2007
- Offline.
-
- Forum Stats
- Supporter
- Level 47
- Blank Slate
According to PsychoGoldfish, BrenTheMan has already fixed the problem: http://www.newgrounds.com/bbs/topic/1364182
So you can change your password now, if you think it necessary.
At 4/9/14 11:54 PM, Elitistinen wrote:At 4/9/14 11:48 PM, Zachary wrote:It would take a while. And who know which new bug the fix might cause.At 4/9/14 11:43 PM, Elitistinen wrote: Lol... lol... lmao. Nope. You can do that for one thousand times and still get haxed...After the website updates their openSSL, it should be safe to change your information.
It basically took one line of code to fix the bug. It was a simple bounds check to keep a heartbeat from requesting more memory content than required.
The Bedn Saga - Support Newgrounds
i made eye contact with a girl once - Gay Porn (Hey... looks like you've clicked this one before...)
- SubparTony
-
SubparTony
- Member since: Mar. 30, 2010
- Offline.
-
- Forum Stats
- Member
- Level 18
- Blank Slate
Yeah, heartbleed, a bug not a virus though.
Haven't yet really seen how exactly it works, but I plan to. Also, I think I have to change my passwords but I'm too lazy for that.
Bitte Nazi mods keine bannerino, weil ich ein Nazi Schwein als ihr bin. Danke schön!
- Satan
-
Satan
- Member since: Apr. 19, 2001
- Offline.
-
- Forum Stats
- Member
- Level 14
- Blank Slate
Not a virus, just the Heartbleed Bug. Newgrounds was pretty much unaffected by this, but if you really want to reset your password, feel free.
The websites you do need to cover your ass on however: Twitter, Facebook, Google+, Youtube, (anything else Google owns here), Yahoo, and Hotmail.
The whole Heartbleed thing is being blown out of proportion if you ask me. I've been perfectly fucking fine the past two years, and it's unlikely that anything will happen to me because of it.
- joe27
-
joe27
- Member since: Sep. 8, 2012
- Offline.
-
- Forum Stats
- Member
- Level 14
- Gamer
At 4/12/14 10:08 AM, Satan wrote: Not a virus, just the Heartbleed Bug. Newgrounds was pretty much unaffected by this, but if you really want to reset your password, feel free.
The websites you do need to cover your ass on however: Twitter, Facebook, Google+, Youtube, (anything else Google owns here), Yahoo, and Hotmail.
This has cleared up so many things.
Thank you.
valhalla i am coming
- KatMaestro
-
KatMaestro
- Member since: Dec. 9, 2012
- Offline.
-
- Forum Stats
- Supporter
- Level 10
- Blank Slate
At 4/12/14 09:09 AM, Stevenscar wrote: According to PsychoGoldfish, BrenTheMan has already fixed the problem: http://www.newgrounds.com/bbs/topic/1364182
Awesome, kudos to Bren.
It basically took one line of code to fix the bug. It was a simple bounds check to keep a heartbeat from requesting more memory content than required.
There is an PoC to test out for your server and client, pacemaker. I also wrote a Python script to crawl top 50K site to test out this bug. If any of you use Metasploit, they updated this bug in their module.
