Apple sent fixes out a month or so ago.. .Re: [Nolug] SSL bug

From: Me <pmheart6_at_yahoo.com>
Date: Tue, 8 Apr 2014 16:17:24 -0700 (PDT)
Message-ID: <1396999044.88921.YahooMailNeo@web184702.mail.ne1.yahoo.com>

Apple uses OpenSSL? I believe this was a month ago, and was affecting a major portion of there devices. https://www.youtube.com/watch?v=WYDwPw-S9m8 Did they inform the OpenSSL community, or did they keep it a secret.    -- Patrick M. BLA/LMT -- Rigger Communications & Media Consult -- Massage Therapist PnM Resources -- Follow me #: 800-901-1089 ________________________________ From: Joey Kelly <joey@joeykelly.net> To: nolug@nolug.org Sent: Tuesday, April 8, 2014 11:42 AM Subject: Re: [Nolug] SSL bug On 04/08/2014 11:01 AM, John Souvestre wrote: > Hi Joey. > > Right! > > Also ... > > Version check: >      Shell:  openssl version -a >            But:  Many distributions repackage it and use their own version > number. >      Test site:  http://filippo.io/Heartbleed/ > > John > >    John Souvestre - New Orleans LA Here, go laugh at this: http://filippo.io/Heartbleed/#openssl.org:443 --Joey > > > -----Original Message----- > From: owner-nolug@stoney.kellynet.org [mailto:owner-nolug@stoney.kellynet.org] > On Behalf Of Joey Kelly > Sent: Tue, April 08, 2014 10:53 am > To: undisclosed-recipients: > Subject: [Nolug] SSL bug > > http://heartbleed.com > > Guys, > > The guy that wrote the above needs to work on his english a little, but what's > described is bad. Very bad. If either end of an ssh or SSL connection (this > includes VPNs, IPsec, Puppet, secure websites, and other stuff) runs > vulnerable code (the site lists the versions in question), your stuff can be > owned. Log into your bank? An attacker can follow right after you and steal > all your money --- that bad. > > If you run Debian 7 or CentOS 6, you are vulnerable. Versions prior are safe > (I have no idea which versions of Ubuntu are based on which versions of > Debian, so if you run that, find out ASAP). > > Change all your SSL certs. Regenerate your ssh keys. Once that's done, change > any password (ssh, web login, you name it) that was used on a vulnerable > server. There is no telling if the bad guys knew about this before the bugs > were found, and no way of knowing if your stuff was accessed or not. > > This is a Big Deal. > > -- > Joey Kelly > Minister of the Gospel and Linux Consultant http://joeykelly.net > 504-239-6550 > ___________________ > Nolug mailing list > nolug@nolug.org > ___________________ Nolug mailing list nolug@nolug.org
___________________
Nolug mailing list
nolug@nolug.org
Received on 04/08/14

This archive was generated by hypermail 2.2.0 : 04/08/14 EDT