Re: OpenSSL vuln

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMder.hans at <-
.Mjill at ->
Attachments:
Message as email
+ (text/plain)
+ (text/html)
+ (text/plain)
Delete this message
Reply to this message
Author: Michael Havens
Date:  
To: Main PLUG discussion list
Subject: Re: OpenSSL vuln
thank for the heads up!

:-)~MIKE~(-:


On Mon, Apr 7, 2014 at 1:57 PM, der.hans <> wrote:

> moin moin,
>
> Based on the following page:
>
> OpenSSL heartbeat is enabled even if you're not using it unless you
> disabled it at compile time.
>
> The vulnerability has been in place for two years ( version 1.0.1 up until
> 1.0.1g that was just released ).
>
> It can be exploited to reveal your private key without leaving a trace.
>
> IDS can probably be configured to detect the attack.
>
> http://heartbleed.com/
>
> ciao,
>
> der.hans
> --
> #  http://www.LuftHans.com/        http://www.LuftHans.com/Classes/
> #  "The first requisite of a good citizen in this republic of ours is that
> #  he should be able and willing to pull his weight."  -- Theodore
> Roosevelt
> ---------------------------------------------------
> PLUG-discuss mailing list - 
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss

>
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-OpenSSL vulnOff Topic Server recommendations->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)