[Nottingham] You think https is secure !!!
Paul
reclusivegeek at yahoo.co.uk
Tue Apr 8 12:58:51 UTC 2014
Actually the problem is far larger than just websites. The OpenSSL
library is used by python, php, mysql, SMTP, imap, VoIP, and the list
goes on. Oh and don't forget all the plugins etc as well.
Yep its going to be a long week. Best get the pizza and coffee ordered
in bulk.
On Tue, 2014-04-08 at 13:36 +0100, Kurtis Brown wrote:
> Yep some really big sites are still wide open, many returning plain
> text usernames and passwords etc.
>
>
> You can check your own site @ http://filippo.io/Heartbleed/
>
>
> Cheers
>
>
> Kurtis
>
>
>
>
> On Tue, Apr 8, 2014 at 1:28 PM, Jason Irwin <jasonirwin73 at gmail.com>
> wrote:
> On 08/04/14 12:58, Paul wrote:
> > I think you may find this article very interesting. It looks
> like all
> > SSL secured connections have been vulnerable for some time.
> > http://www.bbc.co.uk/news/technology-26935905
>
> The bug seems to have existed for about 2 years, has been
> patched in
> around 24 hours.
>
> The code is walked through here:
> http://blog.existentialize.com/diagnosis-of-the-openssl-heartbleed-bug.html
>
> After you've updated, the advice seems to be to get new x509
> certs and
> change any passwords that might have been exposed.
>
> Going to be a long day/week for some people....
>
> --
> ╔═════════════╦══════════════════════════════════════════╗
> ║ Jason Irwin ║ OpenPGP (GPG/PGP) Public Key: 0xD0C592B1 ║
> ║ ║ Import from hkp://subkeys.pgp.net ║
> ╚═════════════╩══════════════════════════════════════════╝
>
> _______________________________________________
> Nottingham mailing list
> Nottingham at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/nottingham
>
>
> _______________________________________________
> Nottingham mailing list
> Nottingham at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/nottingham
More information about the Nottingham
mailing list