
Posted

I ... I don't even know where to begin responding to your comment, SgtAssault.

So I'm just going to reply to the easiest bit, and hope someone else has enough time to explain it to you.

 

 

... pen-testing software /is/ a real job, with a real salary.

I know pen-testing software is a real job with a real salary. I was referring to the hackers that found it that don't have a real job. I looked it up shortly after posting that comment and saw that some hacker in the west found it by trying to hack into everyone's laptop at a local Starbucks. Not sure how true the statement is, but people that just sit around and try to find ways to steal other hard-working people's money and such need to get a life. I have respect for the working class but no respect for the lazy or undeserving. I'm sorry there was confusion with my statement; next time I'll try and explain myself better.

Posted

I know pen-testing software is a real job with a real salary. I was referring to the hackers that found it that don't have a real job. I looked it up shortly after posting that comment and saw that some hacker in the west found it by trying to hack into everyone's laptop at a local Starbucks. Not sure how true the statement is, but people that just sit around and try to find ways to steal other hard-working people's money and such need to get a life. I have respect for the working class but no respect for the lazy or undeserving. I'm sorry there was confusion with my statement; next time I'll try and explain myself better.

 

A quote from the website about Heartbleed, in the FAQ; 

 

 

 

Has this been abused in the wild?

We don't know. Security community should deploy TLS/DTLS honeypots that entrap attackers and to alert about exploitation attempts.

...

Who found the Heartbleed Bug?

This bug was independently discovered by a team of security engineers (Riku, Antti and Matti) at Codenomicon and Neel Mehta of Google Security, who first reported it to the OpenSSL team. Codenomicon team found heartbleed bug while improving the SafeGuard feature in Codenomicon's Defensics security testing tools and reported this bug to the NCSC-FI for vulnerability coordination and reporting to OpenSSL team.

 

The people that found the bug were security engineers, not hackers :)

 

Apologies for jumping down your throat, but I detest people assuming that pen testing, and the like, are not "real jobs" and that they should go get "a better job". Quite annoying lol

  • Like 1
Posted

A quote from the website about Heartbleed, in the FAQ; 

 

 

The people that found the bug were security engineers, not hackers :)

 

Apologies for jumping down your throat, but I detest people assuming that pen testing, and the like, are not "real jobs" and that they should go get "a better job". Quite annoying lol

Hey, no problem. I know for a fact that they make a hell of a lot of money. Can't talk bad about anyone that makes more than me. Like I said though, I wasn't sure how accurate the small article I read was. I have always wondered though why, when they do find a bug like this, they broadcast it as like a national security matter. I mean, I understand the public has a right to know and all, but at the same time doesn't that alert the hackers that there is a new way they can take others' information? I mean, I know they are still working on fixing it all up and whatnot, but there are also people (like myself) that have taken very little precaution into preventing this. And I know I'm not the only one, so in a way isn't it just putting more people at risk? Again, not that I'm against pen testers or programmers or anyone like that, but I do sometimes question the thought process behind making certain things public like this.

Posted

Well, as for the publicity it's because it is a big deal and keeping it quiet would have done more harm than good. By the time the media got hold of it all the admins I know, myself included, had already patched the bug as it was released as a major security risk on a number of security websites. The reason it was such a big deal is because even someone with a limited knowledge of SSL could have exploited it.

 

As for releasing bugs, it comes in a variety of ways. Some will publicly announce it. Others will inform the appropriate company directly, sometimes giving them a deadline for when they will publicly release it. Some will just keep it to themselves. It all depends on who finds it really, and what their bug/exploit release policy is.
