When we talk about OpenSSL, we are talking about the security on the Internet, on especially user authentication but recently on 7th of April, the security flaw found and it’s serious!
So what to do?
Check Your Server
Check it if your server could be in this danger.
I found an online tool that hopes that it will help: http://possible.lv/tools/hb/
Here is my test on one server, I have found:
ext 00015 (heartbeat, length=1) <-- Your server supports heartbeat. Bug is possible when linking against OpenSSL 1.0.1f or older. Let me check.
<b>Actively checking if CVE-2014-0160 works:</b> Your server appears to be patched against this bug.
According to the patch info of the OpenSSL (CVE-2014-0160), we need to:
- Use OpenSSL version 1.0.1g
- Or recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS
- And OpenSSL version 1.0.2 will be fixed in 1.0.2-beta2
OpenSSL Security Advisory [07 Apr 2014]
TLS heartbeat read overrun (CVE-2014-0160)
A missing bounds check in the handling of the TLS heartbeat extension can be
used to reveal up to 64k of memory to a connected client or server.
Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including
1.0.1f and 1.0.2-beta1.
Thanks for Neel Mehta of Google Security for discovering this bug and to
Adam Langley <email@example.com> and Bodo Moeller <firstname.lastname@example.org> for
preparing the fix.
Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately
upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.
1.0.2 will be fixed in 1.0.2-beta2.
Have you read yet about Google announced today about adding Angkor Wat of Cambodia in Google Street View?
Let’s look to some snapshots here, I’m so excited to see my country showing to the world.
Here, let’s call:
Technology brings people closers to any place, Thank Google!!!
Angkor Wat, Front View
Sacred Tree, Ta Prohm Temple
Bayon Temple’s Compound
Banteay Srey Temple
Here are some view of the temples in Siem Reap in Cambodia, you can also visit more places via Google Street View from here.
Just recently, some people told me that we cannot download JDK or other products from Oracle website anymore. I have tested and found as they said, Cambodia is in Oracle’s blacklist:
Thank you for accessing the Oracle Software Delivery Cloud. Due to your country location, we are unable to process your request. If you have an active support contract, you may request physical media by either submitting a Service Request or calling Customer Support. If you wish to purchase or evaluate our products on a 30-day trial please contact the appropriate Sales Representative for your country.
That will be a big problem for us now.
I can proceed some download from Java.net but any download from Oracle.com is unable to do.
Webmaker in Khmer
The Webmaker of Mozilla Foundation has now released the Khmer language version: https://webmaker.org/km/
Thanks for all our Khmer community to translate this great tool.
ownCloud, one of a popular file sync. on cloud opensource product is now being translated into Khmer language. The translation is still in progress, there are a lot of words to be translated there.
ownCloud is a product in similar to dropbox or Google drive. It’s written in PHP, it also has a client synchronization.
ownCloud is now being using in some places in Cambodia now.
We hope to have it ready for our Khmer community.
Are you using ownCloud in Cambodia? Drop a comment to let us know about that.
Join our translation team at Transifex.