On 04/08/2014 11:01 AM, John Souvestre wrote:
> Hi Joey.
>
> Right!
>
> Also ...
>
> Version check:
> Shell: openssl version -a
> But: Many distributions repackage it and use their own version
> number.
> Test site: http://filippo.io/Heartbleed/
>
> John
>
> John Souvestre - New Orleans LA
Here, go laugh at this: http://filippo.io/Heartbleed/#openssl.org:443
--Joey
>
>
> -----Original Message-----
> From: owner-nolug@stoney.kellynet.org [mailto:owner-nolug@stoney.kellynet.org]
> On Behalf Of Joey Kelly
> Sent: Tue, April 08, 2014 10:53 am
> To: undisclosed-recipients:
> Subject: [Nolug] SSL bug
>
> http://heartbleed.com
>
> Guys,
>
> The guy that wrote the above needs to work on his English a little, but what's
> described is bad. Very bad. If either end of an ssh or SSL connection (this
> includes VPNs, IPsec, Puppet, secure websites, and other stuff) runs
> vulnerable code (the site lists the versions in question), your stuff can be
> owned. Log into your bank? An attacker can follow right after you and steal
> all your money --- that bad.
>
> If you run Debian 7 or CentOS 6, you are vulnerable. Versions prior are safe
> (I have no idea which versions of Ubuntu are based on which versions of
> Debian, so if you run that, find out ASAP).
>
> Change all your SSL certs. Regenerate your ssh keys. Once that's done, change
> any password (ssh, web login, you name it) that was used on a vulnerable
> server. There is no telling if the bad guys knew about this before the bugs
> were found, and no way of knowing if your stuff was accessed or not.
>
> This is a Big Deal.
>
> --
> Joey Kelly
> Minister of the Gospel and Linux Consultant http://joeykelly.net
> 504-239-6550
> ___________________
> Nolug mailing list
> nolug@nolug.org
>
Received on 04/08/14
This archive was generated by hypermail 2.2.0 : 04/08/14 EDT