The latest HEARTBLEED OpenSSL bug

category: international | sci-tech | news report | author: wageslave | Friday April 11, 2014 09:43

The false sense of security of the internet has been completely overturned by the latest security bug to be discovered. A bug in the popular OpenSSL library, used by many of the most important and frequently used server sites on the net, allows arbitrary chunks of memory to be read remotely from user machines and servers, possibly containing very sensitive data: user tokens, bank details, emails and passwords. What does all this mean, how did it happen, and what can we do to protect ourselves?

The latest security hole to rock the internet in the wake of the Snowden revelations is pretty huge. A bug in the OpenSSL library means that client computers can read arbitrary chunks of memory from servers all over the internet. Apparently this has been the case for the last two years.

For those who don't understand what this means, an SSL library is being used whenever you see that padlock icon appear in the address area of your browser. This usually happens when you are connecting to a website which requires some privacy such as your banking site or your webmail or other such servers.

To put this in perspective, about 66% of internet servers use a particular OpenSSL library to manage these sensitive connections with their clients.

So what is the problem?
OK, the problem is this. When your computer connects to a server using this OpenSSL library, your computer and the server run a protocol called a "heartbeat", whereby they exchange a bit of data back and forth at regular intervals to maintain the connection. If this heartbeat stops, the connection is closed. Makes sense. However, an error was introduced in the code used in this process (rather suspiciously, it was committed on New Year's Eve, December 31 2011, when few people were looking).

The error was as follows. In order to maintain the heartbeat, the client sends three pieces of data to the server:
heartbeat_type, pl, payload

where heartbeat_type defines the information structure to be used,
pl is the length of "payload" in bytes,
and "payload" is some arbitrary piece of data.

Once the server gets this data, it temporarily stores the "payload" data somewhere in its memory.
It then uses the C library function memcpy(bp, pl, payload) to copy this data into a suitably formatted data packet to transmit back to the client.

The client then receives the packet and knows the server is alive. The two computers communicate for a bit (or not, as the case may be), then the heartbeat process is repeated after a suitable interval, and so on until the client disconnects from the server.

OK, that all sounds fine. Or it would be, assuming the client was not malicious. Because it turns out the client can "lie" to the server when setting up this heartbeat data. The client can pretend the payload is much larger than it actually is because, as you may have noticed, the client sends both the length of the payload and the payload itself to the server. And crucially, the server does NOT check that the length is actually correct. This is the crux of the problem: a "buffer underrun".

So if a malicious client connects to the server and sends a false length of "64K" (the largest size it will accept) but only sends one "byte" in the payload, then the server dutifully sends back 64K of data.

Now out of the 64K sent back by the server, only 1k is actually our original payload. So what exactly is in the rest of this data packet returned from our server? This is a very good question! The answer is whatever was in the memory of the server adjacent to where it temporarily stored our payload. This could be absolutely anything: security certificates, passwords, IP addresses, emails, user security tokens, anything.
And if you stay connected to the server, you can do this all night until something juicy comes back in the response from the server.
No doubt you can see the problem now.

A malicious server can also do the same thing to any client that connects to it.
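To make the missing length check concrete, here is an added example, constructed for this page and not OpenSSL's own source: a small C model of the OpenSSL 1.0.1f heartbeat handler next to the 1.0.1g one. The memory layout, the "ping" payload, the SESSION=abc123 secret and all function names are assumptions of the example; the one thing it takes from the real fix is the idea of comparing the claimed length (plus the header and 16 bytes of padding) against the record the TLS layer actually received. The "adjacent memory" is kept inside the same array so the program stays well defined while still showing what a trusting memcpy hands back to the client.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model (not OpenSSL's code) of the TLS heartbeat handler in
 * OpenSSL 1.0.1f, which trusts the length field, beside the 1.0.1g handler,
 * which checks it against the record the TLS layer actually received. */

#define MEM_SIZE    64
#define PADDING     16      /* minimum padding a heartbeat record carries */
#define HB_REQUEST  0x01
#define HB_RESPONSE 0x02

/* server_mem stands in for the server's memory: the received heartbeat
 * record sits at the start and data the peer must never see follows it.
 * Keeping that "adjacent" data inside one array keeps the demo well defined
 * while still showing what the real over-read copied into the response. */
static unsigned char server_mem[MEM_SIZE];
static const char SECRET[] = "SESSION=abc123";   /* constructed sample secret */

/* Build a heartbeat record with a real 4-byte payload ("ping") whose length
 * field claims `claimed_len` bytes, then place SECRET right after it.
 * Returns the record length the TLS layer actually received (23 bytes). */
size_t build_record(unsigned claimed_len) {
    size_t record_len = 1 + 2 + 4 + PADDING;
    memset(server_mem, 0, sizeof server_mem);
    server_mem[0] = HB_REQUEST;
    server_mem[1] = (unsigned char)(claimed_len >> 8);
    server_mem[2] = (unsigned char)(claimed_len & 0xff);
    memcpy(server_mem + 3, "ping", 4);          /* bytes 7..22 are padding */
    memcpy(server_mem + record_len, SECRET, sizeof SECRET - 1);
    return record_len;
}

/* Shared response construction. The only difference between the two
 * handlers is whether the claimed length is checked against record_len.
 * Returns the response length, or -1 if the record is discarded. */
static int build_response(const unsigned char *rec, size_t record_len,
                          unsigned char *out, size_t out_cap, int check_len) {
    unsigned pl;
    const unsigned char *payload;
    unsigned char *bp = out;

    if (rec[0] != HB_REQUEST)
        return -1;
    pl = ((unsigned)rec[1] << 8) | rec[2];      /* read the claimed length */
    payload = rec + 3;

    if (check_len && 1 + 2 + pl + PADDING > record_len)
        return -1;      /* 1.0.1g: the record cannot hold pl bytes, discard it */
    if (3 + pl + PADDING > out_cap)
        return -1;      /* demo-only guard so the copy stays inside our arrays */

    *bp++ = HB_RESPONSE;
    *bp++ = (unsigned char)(pl >> 8);
    *bp++ = (unsigned char)(pl & 0xff);
    memcpy(bp, payload, pl);    /* copies pl bytes whatever the record held */
    bp += pl;
    memset(bp, 0, PADDING);     /* the real code fills this with random bytes */
    return (int)(bp - out) + PADDING;
}

int heartbeat_1_0_1f(const unsigned char *rec, size_t record_len,
                     unsigned char *out, size_t out_cap) {
    return build_response(rec, record_len, out, out_cap, 0);
}

int heartbeat_1_0_1g(const unsigned char *rec, size_t record_len,
                     unsigned char *out, size_t out_cap) {
    return build_response(rec, record_len, out, out_cap, 1);
}

/* Detection helper for the demo: 1 if the "SESSION=" prefix of SECRET
 * appears anywhere in a response, 0 otherwise. */
int response_leaks_secret(const unsigned char *resp, int n) {
    size_t i, k = 8;
    if (n < 0)
        return 0;
    for (i = 0; i + k <= (size_t)n; i++)
        if (memcmp(resp + i, SECRET, k) == 0)
            return 1;
    return 0;
}

int main(void) {
    unsigned char resp[MEM_SIZE];
    size_t len = build_record(32);      /* header claims 32 bytes, sends 4 */
    int n = heartbeat_1_0_1f(server_mem, len, resp, sizeof resp);
    printf("1.0.1f: %d bytes returned, secret leaked: %d\n",
           n, response_leaks_secret(resp, n));
    n = heartbeat_1_0_1g(server_mem, len, resp, sizeof resp);
    printf("1.0.1g: %d (record discarded)\n", n);
    return 0;
}
```

With a header that claims 32 bytes for a 4-byte payload, the 1.0.1f model returns a 51-byte response in which the constructed secret appears after the "ping" bytes and padding; the 1.0.1g model returns -1 and sends nothing, while an honest record (claimed length 4) still gets its 23-byte reply. Whether a response carries data the client never sent is also the property a regression test or a network-level detection rule would check for.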

Was it intentional?
At the moment it is not clear whether it was malicious. However, if you have been keeping up with the Edward Snowden revelations, you will know that the NSA are up to all sorts of tricks to get your information, and this one is basically an open door for them to read the memory of 66% of internet servers. This includes many of the top services we all use on a regular basis. They could also compromise anyone they can trick into connecting to one of their servers, a tactic the Snowden leaks show that they do use. It's all certainly very suspicious, and the timing of this code change is particularly suspicious in my book. It looks like it may have been used to monitor IRC traffic, which is where the likes of Anonymous would be hanging out.
https://www.eff.org/deeplinks/2014/04/wild-heart-were-i...-2013

What should I do to protect myself?
It is suggested that you update your OS if you are using any of the flavours of Linux which ship the compromised library version (OpenSSL versions 1.0.1 through 1.0.1f inclusive are vulnerable). It ships with the following versions of Linux:

Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
CentOS 6.5, OpenSSL 1.0.1e-15
Fedora 18, OpenSSL 1.0.1e-4
OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012)
FreeBSD 10.0 - OpenSSL 1.0.1e 11 Feb 2013
NetBSD 5.0.2 (OpenSSL 1.0.1e)
OpenSUSE 12.2 (OpenSSL 1.0.1c)

Update to OpenSSL version 1.0.1g as soon as you can through the usual system updating procedures for Linux.

Apple say their OS X is safe, but if you are using OS X Mavericks they recommend updating to 10.9.2 just to be safe. Some free programs may use the library, so they will need updating.

Windows is not affected according to Microsoft, although some free programs may use the OpenSSL library and they will need updating.

Alas, that is not the end of it. The bug has been in the wild for two years. There is always the possibility that your passwords etc may have been compromised on many of the internet servers you use. It is recommended you change all your passwords on the internet services you use.

It is highly recommended you wait until these servers have updated their security certificates, replaced any compromised SSL code on their servers and given the all clear before you log on and change your passwords.

You should check out this site for some helpful information on some of the main sites, but it is by no means a full list:
http://mashable.com/2014/04/09/heartbleed-bug-websites-...cted/

The official site for information is here:
http://heartbleed.com/

For those of you who are a bit more technically minded, there is a good analysis here:
http://blog.existentialize.com/diagnosis-of-the-openssl....html

A simpler explanation here:
http://gizmodo.com/how-heartbleed-works-the-code-behind...41209

© 2001-2025 Independent Media Centre Ireland. Unless otherwise stated by the author, all content is free for non-commercial reuse, reprint, and rebroadcast, on the net and elsewhere. Opinions are those of the contributors and are not necessarily endorsed by Independent Media Centre Ireland.