Shellshock

Posted: 25 Sep 2014, 13:24
by paint it black
http://www.bbc.co.uk/news/technology-29361794

Should I be worried? I find it so hard to keep up with these things. Will Windows Defender cope?

thanks in advance

Posted: 25 Sep 2014, 13:44
by markfiend
should i be worried?
Probably

you might need to upgrade things like router firmware...

Posted: 25 Sep 2014, 18:07
by eastmidswhizzkid
So this doesn't affect Windows users? Or does it if the servers we are using are affected?

Posted: 25 Sep 2014, 18:35
by paint it black
my very limited understanding is that yes if the server is running windows you are at risk :roll:

no firmware update for my router yet #danger of PIB being involved in goth fappening remains high

Posted: 25 Sep 2014, 18:35
by Bartek
For once it's not so bad to have Windows (7). :?

Posted: 25 Sep 2014, 18:40
by nowayjose
This bug only affects a few corner cases, where for example, a web server hands through unsanitized user-provided stuff to the environment variables of a CGI script (which is a very bad idea in the first place) and similar situations.

Windows isn't affected (unless you run something like Cygwin on it and have a scenario like the above).

Rather exaggerated in the mainstream press, as usual. The 'heartbleed' bug was much worse.
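
An added illustration of the scenario described in the post above, not code from the thread: a gateway that maps request headers into a CGI script's environment and withholds any value shaped like a bash function definition (a value beginning with `() {`). The function names and sample headers are hypothetical, and a filter like this only supplements patching bash.

```python
import re

# Bash treated an environment value starting with "() {" as an exported
# function definition. This pattern is deliberately a little broader and
# also tolerates whitespace between the tokens.
FUNC_DEF_PREFIX = re.compile(r"^\s*\(\s*\)\s*\{")


def looks_like_function_definition(value):
    """True if a value has the shape bash would import as a function."""
    return bool(FUNC_DEF_PREFIX.match(value))


def build_cgi_env(headers, base_env=None):
    """Map request headers to CGI HTTP_* variables, dropping suspicious values.

    Returns (env, rejected): the environment to hand to the CGI child and
    the names of the headers that were withheld, so the caller can log them.
    """
    env = dict(base_env or {})
    rejected = []
    for name, value in headers.items():
        if looks_like_function_definition(value):
            rejected.append(name)
            continue
        # CGI convention: "User-Agent" becomes HTTP_USER_AGENT.
        env["HTTP_" + name.upper().replace("-", "_")] = value
    return env, rejected


# Constructed sample request (not taken from the thread). The flagged value
# is inert text that merely has the function-definition shape.
SAMPLE_HEADERS = {
    "Host": "router.example",
    "User-Agent": "() { :; }; true",
    "Accept": "text/html",
    "Referer": "http://router.example/status (old) {page}",
}

if __name__ == "__main__":
    env, rejected = build_cgi_env(SAMPLE_HEADERS, {"REQUEST_METHOD": "GET"})
    print("passed to CGI:", sorted(env))
    print("withheld:", rejected)
```
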

Posted: 25 Sep 2014, 19:10
by markfiend
Yeah Windows is actually safe, it's a Linux/unix exploit

The thing is, your broadband router might be vulnerable, depending on the model and network. Who knows what crappy cgi scripts get stuck on them?

Posted: 25 Sep 2014, 20:15
by Dan
Are Macs affected? (I want to know if this is the one time windows users are able to say to a mac user "get a pc")! :P

Posted: 25 Sep 2014, 20:23
by lazarus corporation
Dan wrote: Are Macs affected? (I want to know if this is the one time windows users are able to say to a mac user "get a pc")! :P
OSX is just a fork of the (normally free) Unix OS - people are just paying for the Apple brand name on top of free software - so yes, it affects Macs as well.

Posted: 25 Sep 2014, 20:35
by Dan
lazarus corporation wrote:so yes, it affects Macs as well.
Image

Posted: 25 Sep 2014, 22:37
by nowayjose
lazarus corporation wrote: OSX is just a fork of the (normally free) Unix OS - people are just paying for the Apple brand name on top of free software - so yes, it affects Macs as well.
Not quite... most of OSX is original and was developed by Apple and NeXT (Steve Jobs' previous firm before he re-joined Apple). It is however true that it sits on a substrate of free software that was taken from the BSD, Mach and GNU projects (largely developed at US universities and paid for by the American taxpayer).

Posted: 27 Sep 2014, 12:18
by Pista
I can't help but think that these issues should be kept out of the press really.
At least until fixes/ patches are issued.
Originally the story alluded that machines "could" be compromised & now, a few days after much media coverage, machines "have" been compromised.
But I am curious to know how many would have been attacked had the bug not been plastered all over the news.

Posted: 27 Sep 2014, 12:25
by markfiend
Security through obscurity? But the problem is, you're just assuming the black hats haven't already found the bug. It was certainly the case that the Heartbleed bug was being exploited for months before any of the white hats even knew it was there.

Posted: 28 Sep 2014, 12:33
by Pista
I'm pretty sure that the black hats (or at least a few of them) have already found it.
Also pretty sure that some of them are employed by cyber security firms, but then that's my tin foil hat view. I just can't help thinking that the media coverage just brings a few more chancers to the party who just want to cause a bit of mischief.
I'm sure that if you go trawling the deep web, there are prolly thousands of these type of exploits out there that aren't reported in the press.

Posted: 28 Sep 2014, 14:14
by eastmidswhizzkid
Pista wrote:I'm pretty sure that the black hats (or at least a few of them) have already found it.
Also pretty sure that some of them are employed by cyber security firms, but then that's my tin foil hat view.
I don't know about tin-foil hats. You meet some pretty diverse and interesting people hitch-hiking; I was once picked up by a guy who just about fitted the description of a black-hat working for a cyber-security outfit. And if half of what he told me (or alluded to) was straight up then it's way beyond conspiracy theories.

Posted: 28 Sep 2014, 18:31
by Pista
:eek:

*Reaches for the off button*

Posted: 29 Sep 2014, 09:08
by markfiend
Add to this the rather mañana attitude of most system administrators, and you've got a match made in hell.

It's a wonder the Internet even works at all. ;D

Posted: 29 Sep 2014, 10:06
by Pista

Posted: 29 Sep 2014, 13:13
by eastmidswhizzkid
Pista wrote:Obligatory

:D
You mean that's not how it works? :innocent:

Posted: 29 Sep 2014, 13:29
by Pista
:lol:

& if you type the word "google" into google, you'll break the internet

Posted: 29 Sep 2014, 13:31
by eastmidswhizzkid
:lol: