HackFest Series: OpenSSL, MD5, CA security flaws
James Lee Bell
nuclear-cowboy at cox.net
Fri Jan 16 22:43:03 MST 2009
I know my company sure as heck did. When all our feeds got the news on
the 30th, we were digging through all of our own certs ensuring we
didn't have an issue there. Then pushing plans to the server guys to
start looking at OpenSSL upgrades soon as they came out.
All of the certs/listed CA's that are embedded in the browsers by the
vendors are another matter entirely. Does one go overboard and rip out
the cert for every one that isn't using RSA hash, or wait for the b
browser vendors with baited breath and crossed fingers?
Lisa Kachold wrote:
> I just talked with two admins from a well known solutions provider who
> didn't know anything about these issues?
>
> Is anyone taking this seriously?
>
More information about the PLUG-discuss
mailing list