OpenSSL vuln

Top Page
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: der.hans
Date:  
To: quatsch
Subject: OpenSSL vuln
moin moin,

Based on the following page:

OpenSSL heartbeat is enabled even if you're not using it unless you
disabled it at compile time.

The vulnerability has been in place for two years ( version 1.0.1 up until
1.0.1g that was just released ).

It can be exploited to reveal your private key without leaving a trace.

IDS can probably be configured to detect the attack.

http://heartbleed.com/

ciao,

der.hans
-- 
#  http://www.LuftHans.com/        http://www.LuftHans.com/Classes/
#  "The first requisite of a good citizen in this republic of ours is that
#  he should be able and willing to pull his weight."  -- Theodore Roosevelt
---------------------------------------------------
PLUG-discuss mailing list - 
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss