[Wolves] Fwd: [LUG] OpenSSL 1.0.1 "Heartbleed" vulnerability

David Goodwin david at codepoets.co.uk
Tue Apr 8 18:33:36 UTC 2014


> It's a pretty serious bug, as it allows the attacker to reveal up to
> 64KiB of private memory, this could potentially include the SSL
> private keys!
> The bug does only affect OpenSSL version 1.0.1 (and 1.0.2) but it
> affects anything using OpenSSL, e.g. Apache HTTPD, OpenVPN, etc.

Yes. Unfortunately it's the case that if you hadn't upgraded to Debian
Wheezy (and were still on Squeeze) you would have been safe.
Annoyingly I upgraded my mail server less than a week ago :-(

Now to question which banks (if any) have been compromised/hit

See also: https://lwn.net/Articles/593683/


David


--
David Goodwin
http://codepoets.co.uk



