OpenSSL's major vulnerability exposed

Source: Internet
Author: User

"Could this lead to chaos in cyberspace?" After repeatedly revising my question, I clicked "send".

A moment later, a reply appeared in the dialog box: "It is already in chaos."

After that, there was a long silence.

Apparently, the top white hat on the other end of the connection (a white hat is a hacker who uses his skills in good faith) had stopped paying attention to me; there was far too much to do on this sleepless night.

April 8, 2014 will go down in the annals of the Internet.

On this day, two things happened in the Internet world: first, Microsoft officially announced the end of support for XP; second, OpenSSL's major vulnerability came to light.

Most ordinary people care more about the first, because it affects them directly.

But in fact, the second is the truly big event.

How many sites this vulnerability affects is still being assessed, but to put it plainly, the sites we visit most often, such as Alipay, Taobao, WeChat official accounts, YY Voice, Momo, Yahoo Mail, online banking and the major portals, have basically all been affected.

Abroad, the affected sites are also countless; even the famous NASA has announced that its user database was leaked.

Hackers named the vulnerability "Heartbleed", meaning a bleeding heart, which stands for the deadliest kind of internal injury.

It is a very apt description.

In technical terms, OpenSSL is a security toolkit that provides security and data integrity for network communications; it delivers strong encryption of network traffic through an open-source implementation of the SSL protocol.

This means that OpenSSL is a versatile, cross-platform security tool, widely used in all kinds of web applications because it is very secure.

But now OpenSSL itself has a vulnerability, and a very high-risk one. Using it, hackers can easily obtain users' cookies, and even plaintext account names and passwords.

What is that like? You are fighting the enemy from behind a wall, and suddenly the wall collapses.

So a frantic race began.

As sites begin emergency alerts and repair upgrades, security companies and white hats are busy testing the vulnerability and extending their findings, while even more hackers are scrambling to get started:

Those who understand the technology dig deep into this vulnerability and use it as a weapon against the sites they have long wanted to attack; the small-time hackers who do not understand the technology, like stragglers on the edge of a great battlefield, use the vulnerability to plunder.

It was a sleepless night, except for the large number of unsuspecting netizens.

In the face of the crisis, sites responded differently: some urgently upgraded OpenSSL, some suspended their services, and some kept their services running but suspended SSL encryption.

I hope that they will be able to maintain their relaxed mood in the morning.

In fact, with this vulnerability, what the hackers are now fighting for is time: once the major sites finish fixing the bug, this wave of tremors can be considered over, and everyone will naturally return to normal, shopping online and playing as before.

It is worth noting, however, that because OpenSSL is so widely used, beyond surface-level applications such as websites it will also bring more hidden risks in various clients, VPNs, WAFs and other areas, and these will persist for some time.

Therefore, users currently need to do the following two things:

1. For at least the next 1-2 days, log in as little as possible to sites whose addresses begin with https://, and use online banking services as little as possible, so that hackers cannot steal your account passwords.

2. Until the security vendors give a clear notice, stay vigilant at all times.

And for the entire Internet industry, the greater significance of this event is that it makes everyone stop and rethink:

How can we maintain the survival and stability of the virtual world when everything we believed to be safe suddenly becomes unsafe?

If this event can change the environment, so that China's network security industry, long weak because of a lack of attention and a lack of commercial investment, gains new life, then perhaps it will turn out to be a blessing in disguise, and something will finally have been gained.
