OpenSSL vuln
Michael Havens
bmike1 at gmail.com
Mon Apr 7 14:09:48 MST 2014
thank for the heads up!
:-)~MIKE~(-:
On Mon, Apr 7, 2014 at 1:57 PM, der.hans <PLUGd at lufthans.com> wrote:
> moin moin,
>
> Based on the following page:
>
> OpenSSL heartbeat is enabled even if you're not using it unless you
> disabled it at compile time.
>
> The vulnerability has been in place for two years ( version 1.0.1 up until
> 1.0.1g that was just released ).
>
> It can be exploited to reveal your private key without leaving a trace.
>
> IDS can probably be configured to detect the attack.
>
> http://heartbleed.com/
>
> ciao,
>
> der.hans
> --
> # http://www.LuftHans.com/ http://www.LuftHans.com/Classes/
> # "The first requisite of a good citizen in this republic of ours is that
> # he should be able and willing to pull his weight." -- Theodore
> Roosevelt
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20140407/92aa1109/attachment.html>
More information about the PLUG-discuss
mailing list