Am 13. Mai, 2008 schwätzte Alex Dean so:
> I've got a personal server and a laptop running Ubuntu Hardy. I've run full
> system updates including libssl, openssl, etc.
>
> Crypto isn't really my thing, so I'm not sure all the places where this issue
> might have affected me. After the update, I regenerated my host keys for
> openssh, the certificate used for courier-imap-ssl, and the self-signed cert
> I use for the web server.
>
> What other steps might I need to take? Are the things I've done so far
> sensible, or were they unnecessary?
Sensible if the certs were generated in the last couple of years.
I think certs/keys older than 2006 should be safe.
If you have client sessions open to services make sure they get restarted
as well.
One of the posts I read suggested also changing passwords for systems that
had weak keys.
Luckily most of my keys are older than the bug :).
ciao,
der.hans
--
# https://www.LuftHans.com/ https://LOPSA.org/
# If determining good culture is left up to busybodies and politicians,
# we will be left with culture fit only for busybodies and politicians.
# -- Jeff Taylor, Reason
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)