[ Date Index ]
[ Thread Index ]
[ <= Previous by date /
thread ]
[ Next by date /
thread => ]
Re: [LUG] OpenSSL 1.0.1 "Heartbleed" vulnerability
- To: list@xxxxxxxxxxxxx
- Subject: Re: [LUG] OpenSSL 1.0.1 "Heartbleed" vulnerability
- From: Martijn Grooten <martijn@xxxxxxxxxxxxxxxxxx>
- Date: Tue, 8 Apr 2014 19:00:57 +0000
- Content-disposition: inline
- Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=dcglug.org.uk; s=1396810045; h=Sender:Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:List-Unsubscribe:List-Id:Reply-To:Subject:In-Reply-To:MIME-Version:References:Message-ID:To:From:Date; bh=URowy9Yfgff0v3+KPNlYO9kGu0Ko0QW80G5jHEEDuYw=; b=a+6paO5ogj5OqN/aDH3QYd8s7s5FQ4e3TpeUKB2VG+3uDq0lS67tkbRKFnJJJzI150vf41+fKjIHcukUu7PIYOmCk798HNTaXxem7g40pdv/GUvUbtzkRhU3xV+/cvxiSnjyDT7rsiY/lwsjAVJntqe8AnSNatL/n6Ez3dpFLXI=;
- Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=lapsedordinary.net; s=mail; t=1396983657; bh=TLxchiykh2vfIwZgNzNlTlaSMg1iIiw61wO8gHhypX0=; h=Date:From:To:Subject:Message-ID:References:MIME-Version: Content-Type:In-Reply-To; b=r5qzwE6UlB5ShS6kyeT5WOSiY38ukxS9uJBX6uv11Ks1CrFjUnHy95b/5rhBH6IcA U7bHegCCsFfLzUenYy0k4ph2kX0UzLDg+TUnFte7i+hcO/bwJI0K0QT91p88OrKaXE UZXuPejZ1prfRa8JANxJPRYWvXrTZT8w29piZpnM=
On Tue, Apr 08, 2014 at 07:44:51PM +0100, Simon Waters wrote:
> My comments on the page are a bit of a give away ;)
:-)
> I was patching servers, and learning about TLS most of the day. That
> there is more for me to learn about TLS is probably the root of the
> problem, it is too complex.
Indeed. And then people say we should all start using elliptic curve
cryptography.
> I know it was giving false negatives when overloaded. It's evolved a
> fair bit today - hats off to the guy for delivering it so fast and
> scaling it during the day. My efforts at devops pale in comparison.
+1
It was giving a FP on www.example.com, which was nice, as I could use it
in a screen shot for a blog post I wrote on the subject.
This is a nice short video that explains the vulnerability:
http://www.quora.com/Whats-the-impact-of-the-Heartbleed-bug-in-OpenSSL/answer/Zulfikar-Ramzan
Martijn.
--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq