[ale] OpenSSL Broken, Upgrade Now

dev null zero two dev.null.02 at gmail.com
Mon Apr 7 19:33:22 EDT 2014


Saw this on Twitter:
@gamamb: show processes using deleted version of openssl: lsof -n | grep ssl | grep DEL

Sent from my mobile. Please excuse the brevity, spelling, and punctuation.
On Apr 7, 2014 7:16 PM, "David Tomaschik" <david at systemoverlord.com> wrote:

> TL;DR: Upgrade OpenSSL to >= 1.0.1g immediately, consider replacing keys.
>  Not as bad as Debian OpenSSL bug, but worse than "goto fail;".
>
> "The Heartbleed Bug is a serious vulnerability in the popular OpenSSL
> cryptographic software library. This weakness allows stealing the
> information protected, under normal conditions, by the SSL/TLS encryption
> used to secure the Internet. SSL/TLS provides communication security and
> privacy over the Internet for applications such as web, email, instant
> messaging (IM) and some virtual private networks (VPNs).
>
> The Heartbleed bug allows anyone on the Internet to read the memory of the
> systems protected by the vulnerable versions of the OpenSSL software. This
> compromises the secret keys used to identify the service providers and to
> encrypt the traffic, the names and passwords of the users and the actual
> content. This allows attackers to eavesdrop communications, steal data
> directly from the services and users and to impersonate services and users."
>
> http://heartbleed.com
>
> --
> David Tomaschik
> OpenPGP: 0x5DEA789B
> http://systemoverlord.com
> david at systemoverlord.com
>
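Added example, not part of the original thread: after the package upgrade, a running daemon keeps the old library mapped until it is restarted, and the kernel marks that mapping "(deleted)". This sketch does the check from the tweet by reading /proc/<pid>/maps directly and matching only libssl/libcrypto. It assumes Linux; the function names and the sample maps lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: list processes still mapping a deleted libssl/libcrypto.

# Read /proc/<pid>/maps-format text on stdin and print the deleted OpenSSL
# library paths. Field 6 is the mapped path; the kernel appends " (deleted)"
# as the last field when the backing file was unlinked or replaced.
deleted_ssl_libs() {
    awk '$NF == "(deleted)" && $6 ~ "/lib(ssl|crypto)[^/]*[.]so[^/]*$" { print $6 }' |
        sort -u
}

# Constructed sample input: two stale OpenSSL mappings, one live libc mapping,
# and two deleted mappings that are not OpenSSL libraries.
sample_maps() {
    cat <<'EOF'
7f3a1c000000-7f3a1c05a000 r-xp 00000000 08:01 1311 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f3a1c25a000-7f3a1c400000 r-xp 00000000 08:01 1312 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)
7f3a1c600000-7f3a1c7b0000 r-xp 00000000 08:01 1400 /lib/x86_64-linux-gnu/libc-2.19.so
7f3a1c900000-7f3a1c910000 rw-s 00000000 00:04 2200 /SYSV00000000 (deleted)
7f3a1ca00000-7f3a1ca10000 r--p 00000000 08:01 1500 /usr/share/ssl-cert/notes.txt (deleted)
EOF
}

# Walk every readable /proc/<pid>/maps and print "pid<TAB>name<TAB>libs" for
# each process that needs a restart. Run as root to see all processes.
scan_procs() {
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        pid=${maps#/proc/}
        pid=${pid%/maps}
        # A process may exit mid-scan; treat read errors as "nothing found".
        libs=$(deleted_ssl_libs < "$maps" 2>/dev/null | tr '\n' ' ')
        [ -n "$libs" ] || continue
        name=$(cat "/proc/$pid/comm" 2>/dev/null)
        printf '%s\t%s\t%s\n' "$pid" "$name" "$libs"
    done
}

# Only scan the live system when asked to: sh script.sh --scan
if [ "${1:-}" = "--scan" ]; then
    scan_procs
fi
```

Every process this reports is still running the pre-upgrade library and has to be restarted before the upgrade takes effect for it.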