Posts

Showing posts from April, 2014

The NotSoSecure 2nd CTF Challenge hit by DDoS

The 2nd CTF organised by NotSoSecure.com, held from the 18th to the 20th of April, was hit by a DNS amplification DDoS attack midway through the event. Contestants spoke out on Twitter, but it took some hours to get everything back under control. Despite the DDoS, the organisers hailed the event as a success, though a lot of contestants were stuck at the 2nd flag even with hints from @notsosecure. The leaderboard can be seen at http://ctf.notsosecure.com/leaderboard/

The OpenSSL Heartbeat bug: Two-thirds of Internet Users at Risk

What is the Heartbleed Bug? The Heartbleed bug is a vulnerability in the OpenSSL cryptographic library that allows the theft of information normally protected by the SSL/TLS encryption used to secure the Internet. OpenSSL is open-source software that is widely used to encrypt web communications. SSL/TLS is what normally provides secure and private communication over the Internet for websites, email, IM, and VPNs. According to CNET, an attacker can exploit Heartbleed to essentially “get copies of a server's digital keys then use that to impersonate servers or to decrypt communications from the past or potentially the future, too.” The affected versions of OpenSSL, version 1.0.1 and the 1.02-beta release, have been widely deployed for some time. The bug has been described as a program error, and a fix has been published for the 1.01 program in OpenSSL 1.01g. The bug was found in the heartbeat extension (RFC 6520) of the Transport Layer Security/Datagram Transport Layer Sec