[Wolves] Fwd: [LUG] OpenSSL 1.0.1 "Heartbleed" vulnerability

Dave Morley davmor2 at davmor2.co.uk
Tue Apr 8 18:43:36 UTC 2014

On 08/04/14 19:38, Andy Wootton wrote:
> I heard about this last night (via a Twitter doge joke) but SSL was
> upgraded when I logged into Ubuntu this morning. There was some advice
> about changing your VPN keys somewhere, if you're very concerned about
> security.
> "so compromise"
> Woo
> On 08/04/14 18:13, Mark Croft wrote:
>> just reading this from devon linux user group , sounds serious ,
>> bugs/flaw/hole in cryptographic software library
>> "Researchers have discovered an extremely critical defect in the
>> cryptographic software library an estimated two-thirds of Web servers
>> use to identify themselves to end users and prevent the eavesdropping
>> of passwords, banking credentials, and other sensitive data."
>> ---------- Forwarded message ----------
>> From: Martijn Grooten <martijn at lapsedordinary.net>
>> Date: 8 April 2014 09:10
>> Subject: [LUG] OpenSSL 1.0.1 "Heartbleed" vulnerability
>> To: list at dcglug.org.uk
>> Things rarely get more serious than this:
>> http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/
>> http://heartbleed.com/
>> Martijn.

So the fix for Ubuntu is already out,  Freenode had an outage this
morning as their reboot for the SSL fix went into place.  On the whole I
think we are looking good for the fix Everyone updating and revoking and
replacing their SSL keys on the other hand could take any amount of time :(

You make it, I'll break it!

I love my job :)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.lug.org.uk/pipermail/wolves/attachments/20140408/21b72e4c/attachment.pgp>

More information about the Wolves mailing list