Re: [LUG] OpenSSL 1.0.1 "Heartbleed" vulnerability
- To: list@xxxxxxxxxxxxx
- Subject: Re: [LUG] OpenSSL 1.0.1 "Heartbleed" vulnerability
- From: Philip Hudson <phil.hudson@xxxxxxxxx>
- Date: Tue, 8 Apr 2014 11:03:27 +0100
- Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx
On 8 April 2014 11:01, Martijn Grooten <martijn@xxxxxxxxxxxxxxxxxx> wrote:
> On Tue, Apr 08, 2014 at 10:44:02AM +0100, Paul Sutton wrote:
>> So is this easy to fix then or is it more complex than just patching
>> the issue and releasing an updated version.
>
> Fixing is easy: just upgrade to OpenSSL 1.0.1g.
>
> The problem is that it might be that someone has used this against your
> server and thus obtained secret keys and other information that you
> don't want others to steal.
>
> This blog:
> http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/
> advises to also regenerate your private key AND to replace SSL
> certificates. Which is a huge pain.
In case it's not obvious, that means taking the affected systems
offline and airgapped while you regenerate keys.
--
Phil Hudson http://hudson-it.no-ip.biz
@UWascalWabbit PGP/GnuPG ID: 0x887DCA63
--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
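
A check to go with the upgrade advice in this thread, as an added example that is not part of the original messages: it classifies an `openssl version` string against the 1.0.1 line (fixed upstream in 1.0.1g) and detects processes that still map the old, replaced library after the upgrade. The function names and status labels are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the thread). Function names and labels are hypothetical.

# heartbleed_status "<output of: openssl version>"
# Prints: affected-range | fixed-or-later | other-branch | unparsed
# Note: distribution packages can carry a backported fix without changing
# the upstream version letter, so "affected-range" means "check the package
# changelog", not "confirmed vulnerable".
heartbleed_status() {
    # Version token: field 2 of "OpenSSL 1.0.1e 11 Feb 2013", or a bare version.
    ver=$(printf '%s\n' "$1" | awk '{ if ($1 == "OpenSSL") print $2; else print $1 }')
    ver=${ver%%-*}                      # drop build suffixes such as "-fips"
    case "$ver" in
        1.0.1)                            echo affected-range ;;  # first 1.0.1 release
        1.0.1[abcdef])                    echo affected-range ;;  # 1.0.1a .. 1.0.1f
        1.0.1[ghijklmnopqrstuvwxyz]*)     echo fixed-or-later ;;  # 1.0.1g onwards
        [0-9]*.[0-9]*.[0-9]*)             echo other-branch ;;    # not assessed here
        *)                                echo unparsed ;;
    esac
}

# stale_libssl < /proc/<pid>/maps
# Succeeds if the listing on stdin shows a libssl/libcrypto mapping whose file
# was replaced on disk ("(deleted)"): the process still runs the old code and
# needs a restart before the upgrade takes effect for it.
stale_libssl() {
    grep -Eq '/lib(ssl|crypto)[^ ]*\.so[^ ]* \(deleted\)$'
}

# Usage on a live Linux host (reads the local openssl binary and /proc):
#   heartbleed_status "$(openssl version)"
#   for m in /proc/[0-9]*/maps; do
#       stale_libssl < "$m" 2>/dev/null && echo "needs restart: $m"
#   done
```

Restart every service flagged by the second check before regenerating keys, otherwise the new key is loaded by a process still running the old library.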