Re: HackFest Series: OpenSSL, MD5, CA security flaws

Top Page
Attachments:
Message as email
+ (text/plain)
+ (text/html)
+ (text/plain)
Delete this message
Reply to this message
Author: James Mcphee
Date:  
To: Main PLUG discussion list
Subject: Re: HackFest Series: OpenSSL, MD5, CA security flaws
I have NOT seen this alert flash across the internal APAR systems of a
couple major services companies either. I've done my best to fix what's
available to me, but that doesn't excuse the industry's lack of response to
this problem. Maybe they're waiting on CNN to show some poor mom&pop shop
getting pwned.

On Fri, Jan 16, 2009 at 10:43 PM, James Lee Bell <>wrote:

> I know my company sure as heck did. When all our feeds got the news on
> the 30th, we were digging through all of our own certs ensuring we
> didn't have an issue there. Then pushing plans to the server guys to
> start looking at OpenSSL upgrades soon as they came out.
>
> All of the certs/listed CA's that are embedded in the browsers by the
> vendors are another matter entirely. Does one go overboard and rip out
> the cert for every one that isn't using RSA hash, or wait for the b
> browser vendors with baited breath and crossed fingers?
>
> Lisa Kachold wrote:
> > I just talked with two admins from a well known solutions provider who
> > didn't know anything about these issues?
> >
> > Is anyone taking this seriously?
> >
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>




--
James McPhee

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss