4/15/2014

Open SSL - Zero Day Bug [Heartblood]

Open SSL Web Server အသုံးျပဳသူေတြအေနနဲ႔ version 1.0.1 ကေန 1.0.1f ကုိသုံးေနတာဆုိရင္ ခ်က္ခ်င္း 1.0.1g ကုိေျပာင္းလဲဖုိ႔ လုိအပ္တယ္လုိ႔ဆုိပါတယ္။ Heartblood bug ကုိ Google Engineer တစ္ေယာက္ျဖစ္တဲ့ codenomicon.com မွေတြ႕ရွိတာပါ။ ပုံမွန္အားျဖင့္ Website ေတြဟာ SSL (Secure Sockets Layer) ဒါမွမဟုတ္ TLS (Transport Security Layer) ကုိအသုံးျပဳရင္ လုံျခဳံမွဳရွိပါတယ္။ Open SSL ဆုိတာကလည္း အဲဒီလုိ SSL protocol ကုိ support လုပ္တဲ့တစ္ခုပါပဲ။ သူကေတာ့ Open-source ေပါ့။ ဒီ bug ေၾကာင့္ ဟက္ကာေတြဟာ User ေတြရဲ႕ data ေတြကုိခုိးယူႏုိင္မွာျဖစ္ပါတယ္။
Security researcher တစ္ေယာက္ျဖစ္တဲ့ Robert Graham ရဲ႕ေတြ႕ရွိခ်က္အရ website ေပါင္း 600,000 ေက်ာ္ဟာ vulnerable ျဖစ္တဲ့စာရင္းထဲမွာပါဝင္ပါသတဲ့။ ဒီထဲမွာ Yahoo Mail, Lastpass နဲ႔ FBI ေတြေတာင္ပါဝင္ပါတယ္။ Heartblood ေၾကာင့္ users 800 million ရွိတဲ့ Yahoo ဟာ data exposed ခံရပါတယ္။ 


ကုိယ္အသုံးျပဳတဲ့ we server ဟာ Vulnerable ျဖစ္/မျဖစ္ဆုိတာ filippo.io/Heartbleed မွာစစ္ေဆးၾကည့္ႏုိင္ပါတယ္။ ဒီ vulnerable flaw မွာ affected မျဖစ္တဲ့ Open SSL version ေတြကေတာ့ ဗားရွင္းအနိမ့္ေတြျဖစ္တဲ့ 1.0.0, 0.9.8 တုိ႔ျဖစ္ပါတယ္။


Video Explain


Ref: http://thehackernews.com/2014/04/heartbleed-openssl-zero-day-bug-leaves.html
        http://heartbleed.com/
Posted by at
Labels: ,

No comments:

Post a Comment

If you good, i don't bad. if you think you can bark me, I think i can also fuck you. I'm just ordinary person. Is that OK? :)

Subscribe to: Post Comments (Atom)

Members

Popular Posts

  • Acunetix Web Vulnerability Scanner 8 + CRACK
    Acunetix ဆုိတာ နာမည္ၾကီး Vul Scanner ပါ။ ကြ်န္ေတာ္ကုိယ္တုိင္ ေသခ်ာစမ္းသပ္ေအာင္ျမင္ (ေဒါင္းတာကုိေျပာတာေနာ္) လုိ႔ တင္ေပးလုိက္ပါတယ္။ Install...
  • Red Hat Linux Complete Reference
    The ultimate resource on Red Hat Linux 6.2! Master Red Hat 6.2—the latest and most popular free, open-source distribution of Linux—with...
  • Hardware Hacking: Have Fun While Avoiding Your Warranty
    Warranty မပ်က္ေအာင္ Hardware ကုိကလိနည္းစာအုပ္ျဖစ္ပါတယ္။ ဥပမာ BIOS Logo ပုံစံေတြကုိ ကုိယ္လုိခ်င္တဲ့ Logo နဲ႕ေျပာင္းပစ္တာမ်ဳိးေပါ့။ ဒါေပမ...
  • Proxy ဆိုတာဘာလဲ
    အခုဒီ post မွာေတာ့ Proxy ဆိုတာဘာလဲ ဘယ္လိုအသံုး၀င္သလဲ ဆိုတာေတြကို ရွင္းျပေပးသြားပါမယ္။ Proxy ဆိုတာ user နဲ ့ server ၾကားမွာ ေပါင္းကူးေပ...

Blog Archive

Categories

A+ eBooks (11) Addon (1) Admin Finder (4) Adobe (1) Adobe eBooks (13) Alpha Zawgyi Font (10) Android (96) Android Root (2) Anonymity (1) Antivirus (12) Application eBooks (4) Articles (4) AutoCAD (1) Backtrack (9) Bat File Code (4) Bitcoin (6) Blogger (13) Bootable USB Tools (1) Bootin (1) Botnet (2) Browser (6) Buffer Overflow (1) CD/DVD Tools (9) CloudFlare (1) commands (1) Cookie (1) Cosmology (3) Cracking (4) Cracking eBooks (4) Dcreen Capture Tool (1) DDoS (12) Decompiler (1) Developer Tools (1) Dictionary (3) Domain Lookup (1) DotA Utilities (7) Download Manager (12) Downloader (6) Driver DVD (3) Drupal (2) Engineering eBooks (7) Exam Guide (1) Exploit (4) Facebook (15) Facebook Like Button (1) File Storage (3) File Transfer Tools (3) Firefox (2) Flash Player (2) Folder Lock Tools (2) Free Hosting (1) FUD (3) Games (19) GIF Tools (1) Gmail (9) Google (2) Google Chrome (3) Google Dork (8) Google Talk (6) Hacking (49) Hacking Ebooks (104) Hacking Tools (73) Hash Crack (1) IELTS (1) IIS (1) Imaging Tools (9) Internet Guide eBooks (7) iOS (9) IOS Myanmar Font (1) Ip Hider (1) Joomla (2) Joomla Hacking (4) Kali (32) Keygens (5) Keyloggers (10) Knowledges (21) Linux (51) Linux eBooks (7) Mac OSX (1) Malware Analysis (3) MD5 (2) Media Converter Softwares (6) Media Players (11) Metasploit (3) Microsoft Office (7) Mobile (2) Movies (2) Mp3 Collection (1) Myanmar Ebooks (98) myBB (1) Networking (10) Networking eBooks (36) Networking Tools (6) News (13) Office Activators (1) Office Plugins (1) Opera (1) OWASP (3) Password Cracking Tools (9) PDF Reader (3) Pen-Testing (15) Perl (3) Phishing (1) Photo Editor (3) PHP (2) Premium Link Generator (1) Programming eBooks (40) Proxy (8) Python (3) Recovery Tools (2) Rooting (15) Scanner (7) Science (1) Screen Saver (2) Script (4) Shell (14) SQL Injection (21) SSL (1) Symlink (2) System Tools (13) Tips and Tricks (70) Tor (2) Torrent (5) Transformation Pack (2) Ubuntu (13) Unix eBooks (8) USB Disk Security Software (6) vBulletin (1) Video Tutorials (1) Virtual Machine Tools (4) Virus Source Code (2) VPN (4) Wallpapers (3) Web Design eBooks (3) Web Hacking (11) Wifislax (1) Windows (9) Windows 7 (7) Windows 7 Ebooks (4) Windows 8 (7) Windows Activators (7) Windows Registry eBooks (3) Windows Shortcut (1) Windows XP (1) Wireless Hacking Tools (15) Wordlist (3) Wordpress (3) XSS (4) Zero Day (1) Zipping Tools (5) ကဗ်ာစာအုပ္မ်ား (2) (1)

[MSF]

[MSF]

Like Us On Facebook

Donation Bitcoin Address

14KASzhiexNtC8PhRvPMpt7iWWozRiz8KP

Total Pageviews