iPredict.co.nz site vulnerability

A software vulnerability in the OpenSSL library has been reported that can expose the private RSA keys of a site to an attacker. This has been named the 'Heartbleed Bug' vulnerability, and it means that communications with vulnerable sites can not be considered secure.
You can read more about the bug here: [heartbleed.com]

Quote

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.

iPredict is a vulnerable site, as identified here: [filippo.io].

You can read more technical information about what this means here: [www.mattslifebytes.com]

In particular:

Quote

...the currently-available proof-of-concept scripts allow any client, anywhere in the world, to perform a session hijacking attack of a logged in user.

iPredict needs to upgrade their OpenSSL library to a safe version (refer [www.openssl.org]) then revoke and replace the existing SSL certificate.

iPredict users: if you are using your iPredict password elsewhere, change those passwords on other sites immediately. iPredict should force a password reset once the issue is fixed, but if they don't, you should change it yourself.
Hamish Bug Report Wed, 09 Apr 2014 08:21:48 +0000