Zloth
I smell a... wumpus!?
It's serious all right: http://heartbleed.com/
Yeah, I bet that guy says it was hacked. Otherwise he's going to get sued.
He lives in the German city of Munster and is among the community of programmers who contribute code to the OpenSSL project. OpenSSL is the open-source software that provides encryption for two-thirds of the Web's servers.
Seggelmann told the Sydney Morning Herald that he did not notice the error when he wrote the flawed code that became the Heartbleed bug two years ago. And when he submitted it, the error was also missed by the person who reviewed the code.
"I was working on improving OpenSSL and submitted numerous bug fixes and added new features," he told the Herald. "In one of the new features, unfortunately, I missed validating a variable containing a length."
Seggelmann gave the interview in part to clarify that Heartbleed was a mistake, not deliberate. He wanted to counter rumors that it was part of some nefarious plot to create a backdoor to allow government security agencies to spy on Internet users.
"In this case, it was a simple programming error in a new feature, which unfortunately occurred in a security relevant area," he told the Herald. "It was not intended at all, especially since I have previously fixed OpenSSL bugs myself, and was trying to contribute to the project."
The programmer is the designer [1]. The idea behind Heartbeat is to keep a connection live when there is no network traffic, like keeping a VPN tunnel up and NAT (many computers behind one IP-address). I don't blame the programmer one bit. I do blame the designers of the specification as why the heck do we need super dynamic heartbeat systems?
Payload
Steals sensitive information
Trojan:Win32/Retefe.A can steal sensitive information from your PC, such as your online user names and passwords. It does this by installing a fake self-signed certificate and intercepting traffic through your Internet browser.
It installs a fake self-signed certificate with the thumbprint 3DDF56A7004D90034D77E2D97F68C56FAA3C93AD:
It then installs the self-signed certificate to be used by the Firefox browser.
It also changes the DNS server to an IP address of a server controlled by the attacker. We have seen the following IP addresses being used:
193.169.244.191
93.171.202.99
Stops processes
Trojan:Win32/Retefe.A terminates the following processes if they are running:
iexplore.exe
firefox.exe
chrome.exe
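A host check for the indicators listed above, added here as an example and not part of the original write-up: it looks for the reported certificate thumbprint in the Windows root stores and for the two reported DNS server addresses on each network interface. The function names are made up for this example; it assumes Windows 8 / Server 2012 or later, where `Get-DnsClientServerAddress` is available.

```powershell
# Indicators copied from the description above.
$Thumbprint = '3DDF56A7004D90034D77E2D97F68C56FAA3C93AD'
$RogueDns   = @('193.169.244.191', '93.171.202.99')

function Find-RetefeCertificate {
    # Search the machine and current-user trusted root stores for the thumbprint.
    # Firefox keeps its own certificate database, which this check does not read.
    foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
        Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
            Where-Object { $_.Thumbprint -eq $Thumbprint } |
            ForEach-Object {
                [pscustomobject]@{
                    Check    = 'RootCertificate'
                    Location = $store
                    Detail   = "$($_.Subject), valid until $($_.NotAfter)"
                }
            }
    }
}

function Find-RetefeDns {
    # Compare every configured IPv4 resolver against the reported addresses.
    foreach ($iface in Get-DnsClientServerAddress -AddressFamily IPv4) {
        foreach ($addr in $iface.ServerAddresses) {
            if ($RogueDns -contains $addr) {
                [pscustomobject]@{
                    Check    = 'DnsServer'
                    Location = $iface.InterfaceAlias
                    Detail   = $addr
                }
            }
        }
    }
}

# Run both checks and report; an empty result means neither indicator was found.
$findings = @(Find-RetefeCertificate) + @(Find-RetefeDns)
if ($findings.Count -eq 0) {
    Write-Output 'No listed Retefe.A indicators found on this host.'
} else {
    $findings | Format-Table -AutoSize
}
```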
1295648048-www.paypal.central-process-payment.xyz