Re: [Nolug] SSL bug

From: Brad Bendily <bendily_at_gmail.com>
Date: Tue, 8 Apr 2014 11:01:32 -0500
Message-ID: <CACpJzDSALXCfYUrZqPkLVPCguX=tvcL6ftwh+vZRo6wsvNePjw@mail.gmail.com>

Red Hat has released a fix for their OS:
https://rhn.redhat.com/errata/RHSA-2014-0376.html

On Tue, Apr 8, 2014 at 10:52 AM, Joey Kelly <joey@joeykelly.net> wrote:
> http://heartbleed.com
>
> Guys,
>
> The guy that wrote the above needs to work on his English a little, but
> what's described is bad. Very bad. If either end of an ssh or SSL
> connection (this includes VPNs, IPsec, Puppet, secure websites, and
> other stuff) runs vulnerable code (the site lists the versions in
> question), your stuff can be owned. Log into your bank? An attacker can
> follow right after you and steal all your money --- that bad.
>
> If you run Debian 7 or CentOS 6, you are vulnerable. Versions prior are
> safe (I have no idea which versions of Ubuntu are based on which
> versions of Debian, so if you run that, find out ASAP).
>
> Change all your SSL certs. Regenerate your ssh keys. Once that's done,
> change any password (ssh, web login, you name it) that was used on a
> vulnerable server. There is no telling if the bad guys knew about this
> before the bugs were found, and no way of knowing if your stuff was
> accessed or not.
>
> This is a Big Deal.
>
> --
> Joey Kelly
> Minister of the Gospel and Linux Consultant
> http://joeykelly.net
> 504-239-6550
> ___________________
> Nolug mailing list
> nolug@nolug.org

-- 
Have Mercy & Say Yeah
Received on 04/08/14
