There is now a fork by openbsd people for openssl. It's called libressl. http://www.libressl.org/
They crave for more people to help.

On Tue, Apr 15, 2014 at 5:57 AM, Michael Vasiliev <li...@infoscav.net> wrote:

> If any of you guys and gals think this isn't serious, think twice. The
> CloudFlare SSL Heartbleed challenge site's SSL key was stolen within hours
> of being announced. There is a wave of security compromises all over the
> world and sane CAs are offering free renewals of SSL certificates.
>
> On 04/11/2014 08:35 AM, Eli Billauer wrote:
>
> Hi all,
>
> I suppose that the security freaks already know about this, and still,
> this seems important enough for an alert.
>
> In a nutshell, a bug in the mechanism that allows keepalive messages to
> be sent to maintain an SSL link, also allows, accidentally, a remote
> attacker to read a segment of up to 64 kBytes from the server's memory.
> It doesn't give access to any chunk of 64 kBytes, but it's a segment
> which is likely to be dirty with data that belongs to the process
> running OpenSSL. So there's a chance that data related to private keys
> and passwords is revealed this way.
>
> See http://en.wikipedia.org/wiki/Heartbleed
>
> I haven't found any tool checking a local SSH server, say as source code
> in C. I suppose it's being avoided for the sake of not supplying the
> almost-finished attack to script kiddies.
>
> Hag Sameah,
>
> Eli
_______________________________________________ Haifux mailing list Haifux@haifux.org http://haifux.org/mailman/listinfo/haifux
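
The bounds check whose absence caused the leak described in the thread, as an added example that is not part of the original messages and is not OpenSSL's code: a heartbeat request (RFC 6520) carries a sender-supplied payload length, and the receiver has to compare it with the bytes actually received before echoing anything back. `hb_build_response` and `hb_demo` are hypothetical names, and the sample record is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 6520 layout: type(1) | payload_length(2) | payload | padding(>=16) */
enum { HB_REQUEST = 1, HB_RESPONSE = 2, HB_HDR = 3, HB_PAD = 16 };

/* Hypothetical helper (not OpenSSL's API): builds the echo for one received
 * heartbeat record. Returns the response length, or 0 when the record must
 * be silently discarded. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HDR + HB_PAD || rec[0] != HB_REQUEST)
        return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];  /* sender-controlled */
    /* The missing check: the claimed payload length must fit inside the
     * bytes that were actually received, padding included. */
    if (HB_HDR + claimed + HB_PAD > rec_len)
        return 0;
    size_t resp_len = HB_HDR + claimed + HB_PAD;
    if (resp_len > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HDR, rec + HB_HDR, claimed);  /* now bounded by rec_len */
    memset(out + HB_HDR + claimed, 0, HB_PAD);    /* real stacks pad randomly */
    return resp_len;
}

/* Constructed sample: 5-byte payload "hello" in a 24-byte record; the length
 * field is overwritten with claimed_len before the record is parsed. */
size_t hb_demo(uint16_t claimed_len)
{
    uint8_t rec[HB_HDR + 5 + HB_PAD] = { HB_REQUEST, 0, 5, 'h', 'e', 'l', 'l', 'o' };
    uint8_t out[HB_HDR + 0xFFFF + HB_PAD];
    rec[1] = (uint8_t)(claimed_len >> 8);
    rec[2] = (uint8_t)(claimed_len & 0xFF);
    return hb_build_response(rec, sizeof rec, out, sizeof out);
}

int main(void)
{
    printf("honest request (len=5):     %zu-byte response\n", hb_demo(5));
    printf("over-claiming (len=0xFFFF): %zu-byte response\n", hb_demo(0xFFFF));
    return 0;
}
```

Without the length comparison, the `memcpy` would read up to 65535 bytes starting at a 5-byte payload, which is the "up to 64 kBytes" of process memory mentioned above.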