[RndTbl] OpenSSL: patch it now!
Adam Thompson
athompso at athompso.net
Thu Apr 10 18:28:08 CDT 2014
Most SSL certificate providers are allowing their customers to revoke & reissue certificates at no charge as long as none of the details (including verification method) change.
-Adam
On April 10, 2014 6:04:18 PM CDT, Trevor Cordes <trevor at tecnopolis.ca> wrote:
>Most people have probably heard about this already, but if not, *patch
>your OpenSSL now!* and restart your daemons.
>
>CVE-2014-0160
>
>http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/
>
>For some reason you (sometimes) have to reload that page a few times
>before it actually loads.
>
>This is the worst bug I've seen in like 10 years, insofar as you may
>have been compromised already, but you don't (can't!) know it and they
>may be sitting there with your keys, waiting to actually make use of
>them at a later date.
>
>From how I read it, the only way to be safe & sure is to make a new CSR
>and buy a new SSL cert? Or are the cert vendors going to offer a "redo"
>for free?
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.