[ale] OpenSSL Broken, Upgrade Now

Jim Kinney jim.kinney at gmail.com
Tue Apr 15 13:07:05 EDT 2014


Heartbleed bug also affects android phones with Jelly Bean version

http://www.theguardian.com/technology/2014/apr/15/heartbleed-android-phones-vulnerable-data-shows


On Mon, Apr 7, 2014 at 7:14 PM, David Tomaschik <david at systemoverlord.com>wrote:

> TL;DR: Upgrade OpenSSL to >= 1.0.1g immediately, consider replacing keys.
>  Not as bad as Debian OpenSSL bug, but worse than "goto fail;".
>
> "The Heartbleed Bug is a serious vulnerability in the popular OpenSSL
> cryptographic software library. This weakness allows stealing the
> information protected, under normal conditions, by the SSL/TLS encryption
> used to secure the Internet. SSL/TLS provides communication security and
> privacy over the Internet for applications such as web, email, instant
> messaging (IM) and some virtual private networks (VPNs).
>
> The Heartbleed bug allows anyone on the Internet to read the memory of the
> systems protected by the vulnerable versions of the OpenSSL software. This
> compromises the secret keys used to identify the service providers and to
> encrypt the traffic, the names and passwords of the users and the actual
> content. This allows attackers to eavesdrop communications, steal data
> directly from the services and users and to impersonate services and users."
>
> http://heartbleed.com
>
> --
> David Tomaschik
> OpenPGP: 0x5DEA789B
> http://systemoverlord.com
> david at systemoverlord.com
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
>


-- 
-- 
James P. Kinney III

Every time you stop a school, you will have to build a jail. What you gain
at one end you lose at the other. It's like feeding a dog on his own tail.
It won't fatten the dog.
- Speech 11/23/1900 Mark Twain


*http://heretothereideas.blogspot.com/
<http://heretothereideas.blogspot.com/>*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20140415/cb79e5e8/attachment-0001.html>


More information about the Ale mailing list