I have NOT seen this alert flash across the internal APAR systems of a couple major services companies either. I've done my best to fix what's available to me, but that doesn't excuse the industry's lack of response to this problem. Maybe they're waiting on CNN to show some poor mom&pop shop getting pwned.
I know my company sure as heck did. When all our feeds got the news on
the 30th, we were digging through all of our own certs ensuring we
didn't have an issue there. Then pushing plans to the server guys to
start looking at OpenSSL upgrades soon as they came out.
All of the certs/listed CA's that are embedded in the browsers by the
vendors are another matter entirely. Does one go overboard and rip out
the cert for every one that isn't using RSA hash, or wait for the b
browser vendors with baited breath and crossed fingers?
Lisa Kachold wrote:
> I just talked with two admins from a well known solutions provider who
> didn't know anything about these issues?
>
> Is anyone taking this seriously?
>
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss