[ Date Index ]
[ Thread Index ]
[ <= Previous by date /
thread ]
[ Next by date /
thread => ]
Re: [LUG] OpenSSL 1.0.1 "Heartbleed" vulnerability
- To: list@xxxxxxxxxxxxx
- Subject: Re: [LUG] OpenSSL 1.0.1 "Heartbleed" vulnerability
- From: Martijn Grooten <martijn@xxxxxxxxxxxxxxxxxx>
- Date: Sat, 12 Apr 2014 08:35:46 +0000
- Content-disposition: inline
- Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=dcglug.org.uk; s=1396810045; h=Sender:Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:List-Unsubscribe:List-Id:Reply-To:Subject:In-Reply-To:MIME-Version:References:Message-ID:To:From:Date; bh=GER0t92ogip5RtVR7xQE2pYVRXILKuOWxlW/KZCrMEA=; b=QD2RXiU4yzY0tH+dNd1eCArg6elIvpNCu6Hv+NUwCVZWrC2dz1lGMQ7GkDgcDnbcDZXyYlsw+BAlj1MIg80b7ERoDpBAbkFywbtLJt/cboSSj88zlJspWITUQwGb9wjHiB3zQuxmzlI1P5cs5V+ubIG+UHSFl3ZnAbk5c8cy4So=;
- Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=lapsedordinary.net; s=mail; t=1397291746; bh=PhzktVE27dC9tkUeySEB82cA502OM999Dp/0P4Kumak=; h=Date:From:To:Subject:Message-ID:References:MIME-Version: Content-Type:In-Reply-To; b=UB/yoz/PhVPZGjKFCYjisEXq+g4oG8nMZylMnD3o3olM2BxDC2fBlDLqa2IbhZhki TFUoIJ5S12Wt08vxEI3ZVBUnt39M/pzskP5criGZk1Q3fWmZ2xUlBDzGnwJmaintqu Wx8sBq9D+oz2rpgyKVieO4/5XTF30kVyE3PCLHmc=
On Sat, Apr 12, 2014 at 06:44:40AM +0100, Simon Waters wrote:
> Bad Apple specifically said auditing, and I think this is the key.
Exactly.
It is kind of odd, given the tech industry's focus on compliance, that
you can still use a relatively poorly audited piece of software to
protect your secure connections.
And even to protect the key to your castle, as things just took a turn
for the worse:
http://blog.cloudflare.com/answering-the-critical-question-can-you-get-private-ssl-keys-using-heartbleed
Martijn.
--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq