OK, now... it's far too late for April Fool's. :(
That's scary as heck. :( Guess I know what the first order of
business will be tomorrow...
- Pete
On 4/8/2014 1:06 AM, Paul Ferguson wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
I'm really surprised no one has mentioned this here yet...
FYI,
- - ferg
Begin forwarded message:
From: Rich Kulawiec <r...@gsp.org> Subject: Serious bug in
ubiquitous OpenSSL library: "Heartbleed" Date: April 7, 2014 at
9:27:40 PM EDT
This reaches across many versions of Linux and BSD and, I'd
presume, into some versions of operating systems based on them.
OpenSSL is used in web servers, mail servers, VPNs, and many other
places.
Writeup: Heartbleed: Serious OpenSSL zero day vulnerability
revealed
http://www.zdnet.com/heartbleed-serious-openssl-zero-day-vulnerability-revealed-7000028166/
Technical details: Heartbleed Bug http://heartbleed.com/
OpenSSL versions affected (from link just above): OpenSSL 1.0.1
through 1.0.1f (inclusive) are vulnerable OpenSSL 1.0.1g is NOT
vulnerable (released today, April 7, 2014) OpenSSL 1.0.0 branch is
NOT vulnerable OpenSSL 0.9.8 branch is NOT vulnerable
- --
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iF4EAREIAAYFAlNDg9gACgkQKJasdVTchbIrAAD9HzKaElH1Tk0oIomAOoSOvfJf
3Dvt4QB54os4/yewQQ8A/0dhFZ/YuEdA81dkNfR9KIf1ZF72CyslSPxPvkDcTz5e
=aAzE
-----END PGP SIGNATURE-----
