explain xkcd - User contributions [en]

Talk:1363: xkcd Phone

2014-05-02T06:29:26Z

Jonv4n:

Where can i get one of these? :D [[User:UniTrader|UniTrader]] ([[User talk:UniTrader|talk]]) 04:11, 2 May 2014 (UTC)

I'm pretty sure the "scream when falling" thing and the "flightaware" stuff can be done somehow with Tasker. [[Special:Contributions/141.101.103.206|141.101.103.206]] 04:23, 2 May 2014 (UTC)

;Designer?

I suspect it was either Black Hat or Beret Guy, but I'm not sure which. A collaboration? [[Special:Contributions/173.245.54.45|173.245.54.45]] 04:47, 2 May 2014 (UTC)

This sounds like something straight out of aperture. {{unsigned ip|108.162.221.55}}

;Simulates alternate speeds of light

Yes, useless as a feature on all the time; but it would be a cool app. [[User:Markhurd|Mark Hurd]] ([[User talk:Markhurd|talk]]) 05:57, 2 May 2014 (UTC)
:Absolutely. Where can I get an app like that?[[Special:Contributions/108.162.225.157|108.162.225.157]] 06:22, 2 May 2014 (UTC)

'''Changed the speed of light to 2.99x10^8'''

Yeah sorry forgot to login. does anyone know how to do the indices formatting other than eg 2.99x10(littlex) rather then 2.99x10^x? [[User:Jonv4n|Jonv4n]] ([[User talk:Jonv4n|talk]]) 06:29, 2 May 2014 (UTC)

Talk:1363: xkcd Phone

2014-05-02T06:27:36Z

Jonv4n:

Where can i get one of these? :D [[User:UniTrader|UniTrader]] ([[User talk:UniTrader|talk]]) 04:11, 2 May 2014 (UTC)

I'm pretty sure the "scream when falling" thing and the "flightaware" stuff can be done somehow with Tasker. [[Special:Contributions/141.101.103.206|141.101.103.206]] 04:23, 2 May 2014 (UTC)

;Designer?

I suspect it was either Black Hat or Beret Guy, but I'm not sure which. A collaboration? [[Special:Contributions/173.245.54.45|173.245.54.45]] 04:47, 2 May 2014 (UTC)

This sounds like something straight out of aperture. {{unsigned ip|108.162.221.55}}

;Simulates alternate speeds of light

Yes, useless as a feature on all the time; but it would be a cool app. [[User:Markhurd|Mark Hurd]] ([[User talk:Markhurd|talk]]) 05:57, 2 May 2014 (UTC)
:Absolutely. Where can I get an app like that?[[Special:Contributions/108.162.225.157|108.162.225.157]] 06:22, 2 May 2014 (UTC)

'''Changed the speed of light to 2.99x10^6'''
Yeah sorry forgot to login. does anyone know how to do the indices formatting other than eg 2.99x10(littlex) rather then 2.99x10^x?

Talk:1353: Heartbleed

2014-04-09T08:07:55Z

Jonv4n: Suggestion

I added a transcript, if I messed up on anything, I'm sorry! [[Special:Contributions/173.245.55.73|173.245.55.73]] 06:08, 9 April 2014 (UTC)
:Thanks for the transcript! (nothing seems messed up) [[Special:Contributions/141.101.88.206|141.101.88.206]] 06:41, 9 April 2014 (UTC)
::But wait! You forgot a comma! (It's okay, I fixed it :) ) [[Special:Contributions/108.162.216.67|108.162.216.67]] 06:47, 9 April 2014 (UTC)

The alt-text contains a reference to the scene "Tears in the rain" of Blade Runner [[Special:Contributions/173.245.49.90|173.245.49.90]] 06:19, 9 April 2014 (UTC)

Is Explainxkcd using Open SSL? [[User:Jonv4n|Jonv4n]] ([[User talk:Jonv4n|talk]]) 06:56, 9 April 2014 (UTC)

I'd just like to take this moment to say that even though you probably don't have anything of value stored here, Explain xkcd is good on the Heartbleed front. Not using any of the affected software because the data we handle isn't private at all probably helps with that. And yes, Mediawiki hashes your passwords before they're sent. '''[[User:Davidy22|{{Color|#707|David}}y²²]]'''[[User talk:Davidy22|<tt>[talk]</tt>]] 07:18, 9 April 2014 (UTC)

Have the following from [http://www.openssl.org/news/secadv_20140407.txt OpenSSL Bug Report]
Should this be incorperated into the main explanation, and how should it be formated
[[User:Jonv4n|Jonv4n]] ([[User talk:Jonv4n|talk]]) 08:07, 9 April 2014 (UTC)
----

OpenSSL Security Advisory [07 Apr 2014]
========================================

TLS heartbeat read overrun (CVE-2014-0160)
==========================================

A missing bounds check in the handling of the TLS heartbeat extension can be
used to reveal up to 64k of memory to a connected client or server.

Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including
1.0.1f and 1.0.2-beta1.

Thanks for Neel Mehta of Google Security for discovering this bug and to
Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
preparing the fix.

Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately
upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.

1.0.2 will be fixed in 1.0.2-beta2.

----

Talk:1353: Heartbleed

2014-04-09T06:56:53Z

Jonv4n:

1353: Heartbleed

2014-04-09T06:53:59Z

Jonv4n: /* Explanation */ Added link to a nvd.nist.gov page on CVE 2014 0160

{{comic
| number = 1353
| date = April 9, 2014
| title = Heartbleed
| image = heartbleed.png
| titletext = I looked at some of the data dumps from vulnerable sites, and it was ... bad. I saw emails, passwords, password hints. SSL keys and session cookies. Important servers brimming with visitor IPs. Attack ships on fire off the shoulder of Orion, c-beams glittering in the dark near the Tannhäuser Gate. I should probably patch OpenSSL.
}}

==Explanation==
"Heartbleed" refers to a critical bug in the OpenSSL security library. This bug was publicly released on Monday, april 7th.
Due to a programming error in OpenSSL versions 1.0.1 through 1.0.1f (inclusive), attackers could read random server memory by sending specially prepared heartbeat signals to an affected server.
This exploit allows attackers to obtain random pieces of information, including, but not limited to, the servers private key(!!!), in-memory passwords, contents of open files, and much more.
More information is available at [http://heartbleed.com heartbleed.com] or under CVE-2014-0160, [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160 CVE-2014-0160 at nvd.nist.gov]

This bug is classified as extremely critical due to the potential of unveiling the servers private key, enabling anyone to impersonate the server and/or decrypt all traffic to it (unless "perfect forward secrecy" ciphers is used, which is currently rare).
Furthermore, because the exploit occurs in the handshake phase of setting up a connection, no traces of it are logged.
I.E. You can be attacked and never be the wiser.

The mouseover text cites the [http://en.wikipedia.org/wiki/Tears_in_rain_soliloquy Tears in rain soliloquy], the dying words of the replicant and main antagonist Roy Batty (played by {{w|Rutger Hauer}} ) in [http://en.wikipedia.org/wiki/Blade_Runner Blade Runner].

==Transcript==
:Megan: Heartbleed must be the worst web security lapse ever.
:Cueball: Worst so far. Give us time.
:Megan: I mean, this bug isn't just broken encryption.
:Megan: It lets website visitors make a server dispense random memory contents.
:Megan: It's not just keys. It's traffic data. Emails. Passwords. Erotic faniction.
:Cueball: Is '''everything''' compromised?
:Megan: Well, the attack is limited to data stored in computer memory.
:Cueball: So paper is safe. And clay tablets.
:Megan: Our imaginations, too.
:Cueball: See, we'll be fine.

{{comic discussion}}

1353: Heartbleed

2014-04-09T06:37:53Z

Jonv4n: /* Explanation */

{{comic
| number = 1353
| date = April 9, 2014
| title = Heartbleed
| image = heartbleed.png
| titletext = I looked at some of the data dumps from vulnerable sites, and it was ... bad. I saw emails, passwords, password hints. SSL keys and session cookies. Important servers brimming with visitor IPs. Attack ships on fire off the shoulder of Orion, c-beams glittering in the dark near the Tannhäuser Gate. I should probably patch OpenSSL.
}}

==Explanation==
"Heartbleed" refers to a critical bug in the OpenSSL security library. This bug was publicly released on Monday, april 7th.
Due to a programming error in OpenSSL versions 1.0.1 through 1.0.1f (inclusive), attackers could read random server memory by sending specially prepared heartbeat signals to an affected server.
This exploit allows attackers to obtain random pieces of information, including, but not limited to, the servers private key(!!!), in-memory passwords, contents of open files, and much more.
More information is available at [http://heartbleed.com heartbleed.com]

The mouseover text cites the [http://en.wikipedia.org/wiki/Tears_in_rain_soliloquy Tears in rain soliloquy], the dying words of the replicant and main antagonist Roy Batty (played by Rutger Hauer) in [http://en.wikipedia.org/wiki/Blade_Runner Blade Runner].

{{incomplete|Created by a BOT - Please change this comment when editing this page.}}

==Transcript==
:Megan: Heartbleed must be the worst web security lapse ever.
:Cueball: Worst so far. Give us time.
:Megan: I mean, this bug isn't just broken encryption.
:Megan: It lets website visitors make a server dispense random memory contents.
:Megan: It's not just keys. It's traffic data. Emails. Passwords. Erotic faniction.
:Cueball: Is '''everything''' compromised?
:Megan: Well, the attack is limited to data stored in computer memory.
:Cueball: So paper is safe. And clay tablets.
:Megan: Our imaginations too.
:Cueball: See, we'll be fine.

{{comic discussion}}