HackFest Series: OpenSSL, MD5, CA security flaws
James Mcphee
jmcphe at gmail.com
Sat Jan 17 05:50:19 MST 2009
I have NOT seen this alert flash across the internal APAR systems of a
couple major services companies either. I've done my best to fix what's
available to me, but that doesn't excuse the industry's lack of response to
this problem. Maybe they're waiting on CNN to show some poor mom&pop shop
getting pwned.
On Fri, Jan 16, 2009 at 10:43 PM, James Lee Bell <nuclear-cowboy at cox.net>wrote:
> I know my company sure as heck did. When all our feeds got the news on
> the 30th, we were digging through all of our own certs ensuring we
> didn't have an issue there. Then pushing plans to the server guys to
> start looking at OpenSSL upgrades soon as they came out.
>
> All of the certs/listed CA's that are embedded in the browsers by the
> vendors are another matter entirely. Does one go overboard and rip out
> the cert for every one that isn't using RSA hash, or wait for the b
> browser vendors with baited breath and crossed fingers?
>
> Lisa Kachold wrote:
> > I just talked with two admins from a well known solutions provider who
> > didn't know anything about these issues?
> >
> > Is anyone taking this seriously?
> >
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
--
James McPhee
jmcphe at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20090117/39ea3b09/attachment.htm
More information about the PLUG-discuss
mailing list