On Tue, Apr 08, 2014 at 07:25:22PM +0100, Simon Waters wrote:
> See later in thread. Means even if the server's private key is
> compromised historic conversations remain encrypted, and similarly if
> one temporary key is compromised, not everything is bust.

I know. I might have exaggerated a bit when I said it was "only necessary against powerful adversaries" but there are so many bad things you can do by using this server, even if you use PFS, that I wouldn't assume you're fine.

> I suspect this has been known for a while, but lots of people have been
> "playing" with it today.

A week, I've read somewhere. At least to the white hat community. I was going to send you this post and the discussion below:

http://blog.cloudflare.com/staying-ahead-of-openssl-vulnerabilities

but perhaps you've read it already.

> >> http://filippo.io/Heartbleed/
> >
> > This one gives false positives.
>
> You sure. I had one I suspected as a false positive, but otherwise it
> seems reliable.

It now says "There should not be false results anymore" so I had good reason to be sure, but it's probably been fixed.

Martijn.

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq