April 8th is the white hat hackers and their sleepless nights." Some people describe this. WIN XP is still in the morning to stop the service, to the evening has been full of loopholes in the OpenSSL message.
OpenSSL is a security protocol for network communications to provide security and data integrity, the major online banking, online payment, electricity providers, portals, e-mail and other widely used. Is this a lot of companies and service providers to encrypt data security protocols, broke the most serious security breaches this year, hackers can use this vulnerability to steal data from the server memory 64KB, 64KB data volume is not large, but hackers can exploit the vulnerability repeated several times to steal data, and may therefore get the user’s encryption key decrypt sensitive data.
for example, OpenSSL is currently the most widely used on the Internet, door lock, and this vulnerability allows a specific version of the OpenSSL into an undefended safe.
discovered security vulnerabilities
hackers, white hats are busy overnight
" (the news) we were initially seen on overseas forums, and soon returned to the domestic." Kingsoft chief security expert Li Tiejun said that in April 7th (U.S. local time) hackers have released the old version of OpenSSL security vulnerabilities, because the vulnerability mechanism described in great detail, soon spread in the circle."
The release of the
vulnerability is at a fairly dangerous point in time – the hackers have already been deployed, and the head of some companies are sleeping. The researchers gave the hole a pretty image of the name "heartbleed"". That night, the security core of the Internet, begin to bleed.
white hat hackers, who in charge of operation and maintenance, security vendors, the smell of blood and moving: some of them began to enter the site heavily-guarded carnival, one by one, to collect data leaks; some began to test how many sites are affected and the launch detection script; some vulnerabilities in the program, but also to prepare to convince customers, serious interpretation some of the problem; the night began to repair upgrade emergency warning system version; WooYun vulnerability on many white hat platform to begin large-scale sites were tested Shuafen, the scene is quite spectacular…… While ordinary netizens have not been informed.
"soon, and even some hackers released the old version of OpenSSL’s’ fool attack’." Li Tiejun explained that this means that non professional and technical personnel as long as the copy can exploit the vulnerability to steal data from the server.
received this loophole we first tested Alipay, confirmed the existence of this vulnerability, launch detection. After that, we found the YAHOO portal home page, WeChat public number, WeChat web version, YY language, Taobao, online banking, unfamiliar street, social, portals exist this vulnerability." Evi1m0 users in the know almost revealed, in a social networking site I get to the user login