[liberationtech] OpenSSL Heartbleed Vulnerability Patched

2014-04-08 Thread Yosem Companys
From: Todd Greene t...@pubnub.com

There has been a lot of news in the past 24 hours regarding the
Heartbleed Bug (CVE-2014-0160) as reported by the OpenSSL project. If you
are not aware of the situation, the Heartbleed Bug is a serious
vulnerability in the popular OpenSSL cryptographic software library. The
bug allows anyone on the Internet to read the memory of the systems
protected by the vulnerable versions of the OpenSSL software.

We take security and privacy of customer data very seriously at PubNub.
To this end, I would like to let you know personally that as of 12:00am
Pacific this morning, we have applied the patch released by the OpenSSL
project to all of PubNub's machines and services. No further action is
required by PubNub's customers to address this vulnerability.

For more information about the Heartbleed Bug, check out
www.heartbleed.com. If you have any questions or concerns, please shoot
us a note at h...@pubnub.com and we will respond promptly.

Best regards,

Todd

Todd Greene
CEO, PubNub
+1 415 562 7682


PubNub
725 Folsom
San Francisco, CA 94107
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] OpenSSL Heartbleed Vulnerability Patched

2014-04-08 Thread Julian Oliver
..on Tue, Apr 08, 2014 at 04:23:21PM -0700, Yosem Companys wrote:
> From: Todd Greene t...@pubnub.com
>
> There has been a lot of news in the past 24 hours regarding the
> Heartbleed Bug (CVE-2014-0160) as reported by the OpenSSL project. If you
> are not aware of the situation, the Heartbleed Bug is a serious
> vulnerability in the popular OpenSSL cryptographic software library. The
> bug allows anyone on the Internet to read the memory of the systems
> protected by the vulnerable versions of the OpenSSL software.
>
> We take security and privacy of customer data very seriously at PubNub.
> To this end, I would like to let you know personally that as of 12:00am
> Pacific this morning, we have applied the patch released by the OpenSSL
> project to all of PubNub's machines and services. No further action is
> required by PubNub's customers to address this vulnerability.

Perhaps you don't understand the scale of the problem. Please correct me if
wrong.

Revoking and regenerating the certs and keys, restarting services, is only the
beginning. Your users need to be told to generate new passwords. This exploit
has been in the wild for ~2yrs; any silently and previously compromised account
will be no less vulnerable post patch.

This is the long-tail of Heartbleed.

Cheers,

-- 
Julian Oliver
http://julianoliver.com
http://criticalengineering.org
PGP key: https://julianoliver.com/key.asc
Beware the auto-complete life.
