[ Date Index ]
[ Thread Index ]
[ <= Previous by date /
thread ]
[ Next by date /
thread => ]
Re: [LUG] OpenSSL 1.0.1 "Heartbleed" vulnerability
- To: <list@xxxxxxxxxxxxx>
- Subject: Re: [LUG] OpenSSL 1.0.1 "Heartbleed" vulnerability
- From: Rob Beard <rob@xxxxxxxxxxxxxxx>
- Date: Tue, 08 Apr 2014 09:27:38 +0000
- Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=dcglug.org.uk; s=1396810045; h=Sender:Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:List-Unsubscribe:List-Id:Reply-To:Subject:Message-ID:References:In-Reply-To:From:Date:MIME-Version:To; bh=4dTODwMgt0MHDe6JpXJsG/l7ziQlVdqaIKpLF9AQ/xQ=; b=5eFk2x8feiP43/ROtAvkIes5BJLovXIeaTfYL5C4oi+uQ5ngggP3DbLan8aarg/ujJuwmcv8aI3pZeG9p3Cv3++gpy3uyGNGIRpNyXZWpLRADA4RBZSaacjNCgFefW8FW4Q859KtylGCwBKPq14dNahDPJ1JVCAlzvRVbR0gZQU=;
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mareandfoal.org; s=office; h=Message-ID:References:In-Reply-To:From:Date:Content-Transfer-Encoding:Content-Type:MIME-Version:Subject:To; bh=/1Su5fxF9gfEWH89yNCDMrVHHrcBUEGhdE9r4be6NAo=; b=gBrIIxpBhTmNdO0kaAFsCTcIVuwFPLuRMXLc2VqPYhO8Cz+jki/Omz1UPeDPWLYjRrY01mnvj01EOBZH4vmZ+8YPigHsn9r1JczbAgMT8O6ENWeuc4lfhbMJB6P2FLvGiBVT0NsRuHPSAWuCk04qS3iGhAN1pLyMxxGbHSQBSgU=;
On Tue, 8 Apr 2014 08:10:20 +0000, Martijn Grooten
<martijn@xxxxxxxxxxxxxxxxxx> wrote:
> Things rarely get more serious than this:
>
>
http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/
> http://heartbleed.com/
>
> Martijn.
I've spent the morning updating our Debian servers at work, but there's
something I wasn't entirely clear about. According to the Ars article the
Private Keys can be recovered, am I right in thinking this would affect SSL
keys, TLS keys on e-mail servers and keys used on OpenVPN?
Rob
--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq