[Wolves] Fwd: [LUG] OpenSSL 1.0.1 "Heartbleed" vulnerability

Peter Cannon dick_turpin at archlinux.us
Wed Apr 9 08:04:14 UTC 2014

On 08/04/14 18:13, Mark Croft wrote:
> just reading this from devon linux user group , sounds serious ,
> bugs/flaw/hole in cryptographic software library
> "Researchers have discovered an extremely critical defect in the
> cryptographic software library an estimated two-thirds of Web servers
> use to identify themselves to end users and prevent the eavesdropping
> of passwords, banking credentials, and other sensitive data."

Linux/FOSS is starting to have more holes than Windows ever had. Only a few weeks ago on the podcast we talked about the GNUTLS bug. http://arstechnica.com/security/2014/03/critical-crypto-bug-leaves-linux-hundreds-of-apps-open-to-eavesdropping/
Gone are the days when we had something to crow about. The only positive to come out of this is it was fixed within a couple of hours but lets not forget its been around since 2012 for Pete's sake!

Peter Cannon

IRC: dick_turpin @ freenode.net
Podcast: http://tdtrs.co.uk
"There is every excuse for not knowing
There is no excuse for not asking"

More information about the Wolves mailing list