Re: [Nolug] SSL bug

From: Andrew Rowland <andrewrowland.g_at_gmail.com>
Date: Tue, 8 Apr 2014 11:55:54 -0500
Message-ID: <CANct8sfJd=2raRYwSiP2UHpd4-gJ-MH8oUu1yb4mA7hysS8U=g@mail.gmail.com>

I'm not seeing any update packages from Cent os 6.5 via yum update. Any
ideas?

On Tue, Apr 8, 2014 at 11:42 AM, Joey Kelly <joey@joeykelly.net> wrote:

> On 04/08/2014 11:01 AM, John Souvestre wrote:
> > Hi Joey.
> >
> > Right!
> >
> > Also ...
> >
> > Version check:
> > Shell: openssl version -a
> > But: Many distributions repackage it and use their own
> version
> > number.
> > Test site: http://filippo.io/Heartbleed/
> >
> > John
> >
> > John Souvestre - New Orleans LA
>
>
> Here, go laugh at this: http://filippo.io/Heartbleed/#openssl.org:443
>
> --Joey
>
> >
> >
> > -----Original Message-----
> > From: owner-nolug@stoney.kellynet.org [mailto:
> owner-nolug@stoney.kellynet.org]
> > On Behalf Of Joey Kelly
> > Sent: Tue, April 08, 2014 10:53 am
> > To: undisclosed-recipients:
> > Subject: [Nolug] SSL bug
> >
> > http://heartbleed.com
> >
> > Guys,
> >
> > The guy that wrote the above needs to work on his english a little, but
> what's
> > described is bad. Very bad. If either end of an ssh or SSL connection
> (this
> > includes VPNs, IPsec, Puppet, secure websites, and other stuff) runs
> > vulnerable code (the site lists the versions in question), your stuff
> can be
> > owned. Log into your bank? An attacker can follow right after you and
> steal
> > all your money --- that bad.
> >
> > If you run Debian 7 or CentOS 6, you are vulnerable. Versions prior are
> safe
> > (I have no idea which versions of Ubuntu are based on which versions of
> > Debian, so if you run that, find out ASAP).
> >
> > Change all your SSL certs. Regenerate your ssh keys. Once that's done,
> change
> > any password (ssh, web login, you name it) that was used on a vulnerable
> > server. There is no telling if the bad guys knew about this before the
> bugs
> > were found, and no way of knowing if your stuff was accessed or not.
> >
> > This is a Big Deal.
> >
> > --
> > Joey Kelly
> > Minister of the Gospel and Linux Consultant http://joeykelly.net
> > 504-239-6550
> > ___________________
> > Nolug mailing list
> > nolug@nolug.org
> >
> ___________________
> Nolug mailing list
> nolug@nolug.org
> 

-- 
Andrew Rowland
Web Designer | Managing Partner
P.S. Designs
(618) 518-9009
http://puresimplicitydesigns.com  <http://puresimplicitydesigns.com>
"Simplicity is the ultimate sophistication." - Leonardo da Vinci
___________________
Nolug mailing list
nolug@nolug.org
Received on 04/08/14

This archive was generated by hypermail 2.2.0 : 04/08/14 EDT