[Wolves] Fwd: [LUG] OpenSSL 1.0.1 "Heartbleed" vulnerability
Peter Cannon
dick_turpin at archlinux.us
Wed Apr 9 08:04:14 UTC 2014
On 08/04/14 18:13, Mark Croft wrote:
> just reading this from devon linux user group , sounds serious ,
> bugs/flaw/hole in cryptographic software library
>
> "Researchers have discovered an extremely critical defect in the
> cryptographic software library an estimated two-thirds of Web servers
> use to identify themselves to end users and prevent the eavesdropping
> of passwords, banking credentials, and other sensitive data."
Linux/FOSS is starting to have more holes than Windows ever had. Only a few weeks ago on the podcast we talked about the GNUTLS bug. http://arstechnica.com/security/2014/03/critical-crypto-bug-leaves-linux-hundreds-of-apps-open-to-eavesdropping/
Gone are the days when we had something to crow about. The only positive to come out of this is it was fixed within a couple of hours but lets not forget its been around since 2012 for Pete's sake!
--
Regards
Peter Cannon
IRC: dick_turpin @ freenode.net
https://twitter.com/dick_turpin
http://www.cannon-linux.co.uk
https://plus.google.com/100694334141523232451/posts
Podcast: http://tdtrs.co.uk
"There is every excuse for not knowing
There is no excuse for not asking"
More information about the Wolves
mailing list