Honestly, this whole Heartbleed story is utter nonsense. Vulnerability scanners rate it as a Severity 4 issue, not 5, so it is not critical enough for urgent patching. Basically, if you patch within 30 days, security auditors will tell you that you acted fine; it has been active for 2 years already anyway.
What exactly the Heartbleed bug does is stated in the following sentence: 'permitting attackers to read up to 64 kilobytes of the victim's memory that was likely to have been used previously by OpenSSL'. Now, if someone can extract something useful from 64 kB of random data, hats off to them.
A few days ago my vulnerability scanners started yelling about another Severity 4 problem (actually several of them) related to OpenSSL - OpenSSL Multiple Remote Security Vulnerabilities. This one worries me a bit more.
CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470, CVE-2014-0076
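The bounds check that prevents the over-read described in the sentence quoted above, as an added example that is not part of the original post and is not OpenSSL's code. It follows the RFC 6520 heartbeat layout (1-byte type, 2-byte payload length, payload, at least 16 bytes of padding); the function names and the two sample records are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_HDR      3    /* type (1 byte) + payload_length (2 bytes) */
#define HB_MIN_PAD  16   /* RFC 6520: at least 16 bytes of padding */

/* Build a heartbeat response for the record actually received (rec, rec_len).
 * Returns the response length, or 0 when the request must be silently
 * discarded. Hypothetical helper, not an OpenSSL function. */
size_t hb_respond(const unsigned char *rec, size_t rec_len,
                  unsigned char *out, size_t out_cap)
{
    if (rec_len < HB_HDR + HB_MIN_PAD || rec[0] != HB_REQUEST)
        return 0;
    /* Length claimed by the peer: 16 bits, so up to 65535 bytes (~64 kB). */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    /* The decisive check: the claimed payload must fit inside the bytes that
     * really arrived. Without it, the copy below would read past the record
     * and echo whatever memory happens to follow it. */
    if (HB_HDR + claimed + HB_MIN_PAD > rec_len)
        return 0;
    size_t resp_len = HB_HDR + claimed + HB_MIN_PAD;
    if (resp_len > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HDR, rec + HB_HDR, claimed);
    memset(out + HB_HDR + claimed, 0, HB_MIN_PAD); /* real stacks use random padding */
    return resp_len;
}

/* Constructed samples: an honest 4-byte payload, and a 20-byte record whose
 * length field claims 0xFFFF bytes of payload. Trailing zeros are padding. */
static const unsigned char HONEST[23]    = {HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g'};
static const unsigned char OVERCLAIM[20] = {HB_REQUEST, 0xFF, 0xFF, 'x'};

size_t demo_honest(void)    { unsigned char o[64]; return hb_respond(HONEST, sizeof HONEST, o, sizeof o); }
size_t demo_overclaim(void) { unsigned char o[64]; return hb_respond(OVERCLAIM, sizeof OVERCLAIM, o, sizeof o); }

int main(void)
{
    printf("honest request    -> %zu-byte response\n", demo_honest());
    printf("overclaimed length -> %zu (discarded)\n", demo_overclaim());
    return 0;
}
```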