Login

**Tiberius** · April 8, 2014 at 9:23 am

For those of you following tech news, there is quite a serious vulnerability affecting OpenSSL at the moment: http://www.bbc.co.uk/news/technology-26935905

Full (technical) details here: http://heartbleed.com

I patched the server this morning as soon as our vendor released the update, and all services that had the old OpenSSL loaded have been restarted. As far as I am aware, the server wasn't attacked using this vulnerability so all should be well.

- Tiberius

MindForgedManacle · April 9, 2014 at 11:57 pm

Damn, a site I admin uses OpenSSL too, including to generate pseudo-random strings. :/

**Tiberius** · April 19, 2014 at 1:53 pm

Update: Our CA offered to re-issue a new certificate and I just installed it.

**Jackalope** · April 19, 2014 at 3:18 pm

I was part of the team that analyzed my employer's vulnerability.

The good news - we aren't vulnerable - because our stuff is too old. We're still on OpenSSL 0.9.7 - 0.9.8. Dodgy

Sejanus · April 19, 2014 at 7:38 pm

I like how this guy explains it
https://www.youtube.com/watch?v=q-zfPwtlFzA

LastPoet · April 19, 2014 at 8:59 pm

Meh. If only hitler was just as bad ass as tibs on internet security, perhaps we would be speaking german by now.

Login
Username:
Password:	Lost Password?
	Remember me