Hey folks, for anyone no under a rock, you probably have heard about the heartbleed bug (http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/)
This is pretty epically bad as security goes. Although mhvlug.org only had SSL turned on a few months ago, the server was running mod_ssl in apache for a long time, given other websites (like my blog) that are vhosted on the same box. Which means that you should consider your passwords compromised on mhvlug.org. To reset your password go to https://mhvlug.org/user. You should also consider your mailing list password compromised, though it's mailman (and stores it plain text anyway), so you should consider that compromised all the time and not use anything valuable for it. I applied all the updates as soon as they landed in the Ubuntu repos, so no further exposure exists. However for the past 1 - 2 years, who knows what information was leaked. -Sean -- Sean Dague http://dague.net
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Mid-Hudson Valley Linux Users Group http://mhvlug.org https://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug Upcoming Meetings (6pm - 8pm) Vassar College May 7 - Personal 3D Printing Jun 4 - Samba: Can We All Just Get Along? Jul 2 - Mad Science Fair IV
