[Wolves] Fwd: [LUG] OpenSSL 1.0.1 "Heartbleed" vulnerability

Chris Ellis chris at intrbiz.com
Tue Apr 8 18:47:46 UTC 2014


On Tue, Apr 8, 2014 at 7:42 PM, Dave Morley <davmor2 at davmor2.co.uk> wrote:

> On 08/04/14 19:38, Andy Wootton wrote:
> > I heard about this last night (via a Twitter doge joke) but SSL was
> > upgraded when I logged into Ubuntu this morning. There was some advice
> > about changing your VPN keys somewhere, if you're very concerned about
> > security.
> >
> > "so compromise"
> >
> > Woo
> >
> > On 08/04/14 18:13, Mark Croft wrote:
> >> just reading this from devon linux user group , sounds serious ,
> >> bugs/flaw/hole in cryptographic software library
> >>
> >> "Researchers have discovered an extremely critical defect in the
> >> cryptographic software library an estimated two-thirds of Web servers
> >> use to identify themselves to end users and prevent the eavesdropping
> >> of passwords, banking credentials, and other sensitive data."
> >>
> >>
> >> ---------- Forwarded message ----------
> >> From: Martijn Grooten <martijn at lapsedordinary.net>
> >> Date: 8 April 2014 09:10
> >> Subject: [LUG] OpenSSL 1.0.1 "Heartbleed" vulnerability
> >> To: list at dcglug.org.uk
> >>
> >>
> >> Things rarely get more serious than this:
> >>
> >>
> http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/
> >>
> >> http://heartbleed.com/
> >>
> >> Martijn.
> >>
> >>
>
> So the fix for Ubuntu is already out,  Freenode had an outage this
> morning as their reboot for the SSL fix went into place.  On the whole I
> think we are looking good for the fix Everyone updating and revoking and
> replacing their SSL keys on the other hand could take any amount of time :(
>

Indeed the CA's might be busy over the next few weeks.  GitHub has gone to
the
extent of reissuing and revoking their SSL keys:
https://github.com/blog/1818-security-heartbleed-vulnerability
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/wolves/attachments/20140408/2d033f16/attachment-0001.html>


More information about the Wolves mailing list