Is now a bad time to sugest this might be a 'internet wargames test'?
On Thu, Apr 10, 2014 at 10:47 AM, Owen Densmore <[email protected]> wrote: > The follow-on links are pretty good too. > > -- Owen > > > On Thu, Apr 10, 2014 at 10:20 AM, Joshua Thorp <[email protected]>wrote: > >> according to >> https://www.schneier.com/blog/archives/2014/04/heartbleed.html >> >> http://security.stackexchange.com/questions/55382/heartbleed-read-only-the-next-64k-and-hyping-the-threat >> >> apparently the bug gives access to 64K chunk of ram on the server. The >> private key might be in that chunk, but probably won't be... however you >> will get different chunks over time so if you wait long enough you might >> end up with a chunk that has a private key or someone's password. >> >> --joshua >> >> On Apr 10, 2014, at 10:05 AM, Owen Densmore <[email protected]> wrote: >> >> Hi Barry. How would the private keys be exposed? The pub/priv >> computation is done locally, right? >> >> BTW: All node servers are secure due to their ssl config turning off the >> "heartbeat" option. NodeWeekly: >> Node 0.8.x and 0.10.2+ Not Vulnerable to Heartbleed >> Issue<http://nodeweekly.us1.list-manage1.com/track/click?u=0618f6a79d6bb9675f313ceb2&id=48089106bd&e=5de03852bb> >> -- Popular Node versions aren't exposed to the Heartbleed >> vulnerability<http://nodeweekly.us1.list-manage.com/track/click?u=0618f6a79d6bb9675f313ceb2&id=f4a4a00af1&e=5de03852bb> >> as >> the heartbeat extension was turned off in a Node commit a year ago. Yay. >> *GITHUB* >> >> -- Owen >> >> >> On Thu, Apr 10, 2014 at 9:51 AM, Barry MacKichan < >> [email protected]> wrote: >> >>> It is a major PITA. Certificates on affected servers (which include >>> Amazon EC2 Linus servers) may have had their private keys exposed, so >>> certificates have to be reissued with different keys. This is, apparently, >>> a major bottleneck. >>> >>> --Barry >>> >>> >>> >>> >>> On 9 Apr 2014, at 21:23, Owen Densmore wrote: >>> >>> Worth knowing about: >>>> >>>> http://www.washingtonpost.com/news/morning-mix/wp/2014/04/ >>>> 09/major-bug-called-heartbleed-exposes-data-across-the-internet/ >>>> >>>> Pretty serious crypto flaw. >>>> >>>> [image: Inline image 1] >>>> -- Owen >>>> >>>> [image.png] >>>> >>>> ============================================================ >>>> FRIAM Applied Complexity Group listserv >>>> Meets Fridays 9a-11:30 at cafe at St. John's College >>>> to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com >>>> >>> >>> ============================================================ >>> FRIAM Applied Complexity Group listserv >>> Meets Fridays 9a-11:30 at cafe at St. John's College >>> to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com >>> >> >> ============================================================ >> FRIAM Applied Complexity Group listserv >> Meets Fridays 9a-11:30 at cafe at St. John's College >> to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com >> >> >> >> ============================================================ >> FRIAM Applied Complexity Group listserv >> Meets Fridays 9a-11:30 at cafe at St. John's College >> to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com >> > > > ============================================================ > FRIAM Applied Complexity Group listserv > Meets Fridays 9a-11:30 at cafe at St. John's College > to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com >
============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
