
Massive Linux security flaw dwarfs Apple’s cryptography problems of just last week


A newly discovered bug in the popular GnuTLS library has the potential to dwarf Apple’s SSL encryption problems of just last week, thanks to a similar error with error checks and notifications. That’s quite a feat, considering that the Apple “Goto Fail” bug impacted millions of devices running both iOS and OS X, but the bug in GnuTLS looks like it will be far bigger. Over 200 applications have been identified that depend on GnuTLS — and the actual list is likely much, much higher.

According to Ars Technica, the problem here is similar in type to the issue that tripped up Apple. In both cases, incorrect code short-circuited the functions that are supposed to verify whether or not a proper SSL certificate has actually been presented. Red Hat found the error during a security audit and describes it thus: “It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker.”

Goto Fail 2: Fail Harder

The good news is, patches are already in place for this problem. The bad news is, it’s going to take a long time to tease out exactly which products are affected. Because GnuTLS is open source, it’s not as if the organization has a checklist it can pull to contact every vendor that uses its software. Furthermore, the flaw may go all the way back to the initial code — the organization’s website states that anyone who uses certificate authentication in any version of GnuTLS is affected by the vulnerability.

The list of impacted software is enormous. Cryptographic code signing is thought to protect against exploits in most Linux distros, but Cisco’s VPN software apparently relies on GnuTLS, to name just one company. Web hosts or online services that rely on GnuTLS will have to update their own software to guard users against man-in-the-middle attacks. Inevitably, there are going to be applications that aren’t ever updated, which will leave consumers vulnerable.

The fact that similar code errors have been found in critical software that secures a great deal of back-end infrastructure as well as personal devices hopefully means that more companies are examining the guts of their security code more thoroughly. The NSA revelations of the past 12 months have been light on technical details, but the NSA clearly has sophisticated access to certain systems thanks to security flaws and hidden capabilities. Hopefully patching issues like this removes a few arrows from the government’s quiver — though if the NSA was, in fact, aware of either bug, it would mean the government deliberately left consumers and businesses exposed to potential malware to suit its own purposes. That wouldn’t surprise many people in today’s climate, but it would be a far cry from the 1970s when the NSA deliberately improved the DES standard to better guard against a then-unknown attack vector it felt might emerge in the future.

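One common way in C for an error during verification to end up reported as success, as in the failure mode Red Hat describes above, is a boolean-style check whose error path leaks a non-zero error code. The following is an added illustration, not GnuTLS or Apple code and not part of the original post; `toy_cert`, `parse_cert` and the other names are hypothetical, and the certificate is a constructed stand-in rather than real X.509.

```c
#include <stddef.h>

#define ERR_PARSE (-1)   /* negative error code, as many C libraries use */

/* Constructed toy certificate: not a real X.509 structure. */
struct toy_cert { int well_formed; int signed_by_trusted_ca; };

/* Hypothetical helper: returns 0 on success or a negative error code. */
static int parse_cert(const struct toy_cert *c) {
    return (c != NULL && c->well_formed) ? 0 : ERR_PARSE;
}

/* Flawed: documented as boolean (1 = issuer is trusted, 0 = not), but the
 * error path leaks the negative error code through the same return value. */
int issuer_trusted_flawed(const struct toy_cert *c) {
    int result = parse_cert(c);
    if (result < 0)
        goto cleanup;            /* result is -1 here, which is non-zero */
    result = c->signed_by_trusted_ca ? 1 : 0;
cleanup:
    return result;
}

/* Hardened: every error path fails closed by returning 0. */
int issuer_trusted_fixed(const struct toy_cert *c) {
    int result = 0;
    if (parse_cert(c) < 0)
        goto cleanup;            /* result stays 0: not trusted */
    result = c->signed_by_trusted_ca ? 1 : 0;
cleanup:
    return result;
}

/* Caller treats the return value as a boolean, as C callers commonly do,
 * so the leaked -1 reads as "trusted". */
int accept_flawed(const struct toy_cert *c) {
    return issuer_trusted_flawed(c) ? 1 : 0;
}

/* Caller accepts only the one documented success value. */
int accept_fixed(const struct toy_cert *c) {
    return issuer_trusted_fixed(c) == 1;
}
```

When reviewing verification code for this pattern, check that functions returning error codes and functions returning booleans are never mixed through one variable, and that callers compare against the explicit success value.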
