[Wolves] Fwd: [LUG] OpenSSL 1.0.1 "Heartbleed" vulnerability
Dave Morley
davmor2 at davmor2.co.uk
Tue Apr 8 18:43:36 UTC 2014
On 08/04/14 19:38, Andy Wootton wrote:
> I heard about this last night (via a Twitter doge joke) but SSL was
> upgraded when I logged into Ubuntu this morning. There was some advice
> about changing your VPN keys somewhere, if you're very concerned about
> security.
>
> "so compromise"
>
> Woo
>
> On 08/04/14 18:13, Mark Croft wrote:
>> just reading this from devon linux user group , sounds serious ,
>> bugs/flaw/hole in cryptographic software library
>>
>> "Researchers have discovered an extremely critical defect in the
>> cryptographic software library an estimated two-thirds of Web servers
>> use to identify themselves to end users and prevent the eavesdropping
>> of passwords, banking credentials, and other sensitive data."
>>
>>
>> ---------- Forwarded message ----------
>> From: Martijn Grooten <martijn at lapsedordinary.net>
>> Date: 8 April 2014 09:10
>> Subject: [LUG] OpenSSL 1.0.1 "Heartbleed" vulnerability
>> To: list at dcglug.org.uk
>>
>>
>> Things rarely get more serious than this:
>>
>> http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/
>>
>> http://heartbleed.com/
>>
>> Martijn.
>>
>>
So the fix for Ubuntu is already out, Freenode had an outage this
morning as their reboot for the SSL fix went into place. On the whole I
think we are looking good for the fix Everyone updating and revoking and
replacing their SSL keys on the other hand could take any amount of time :(
--
You make it, I'll break it!
I love my job :)
http://www.ubuntu.com
http://www.canonical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.lug.org.uk/pipermail/wolves/attachments/20140408/21b72e4c/attachment.pgp>
More information about the Wolves
mailing list