Re: Heartbleed

2014-04-10 Thread steve harley
on 2014-04-10 16:31 Bob W-PDML wrote It is the technically literate who have been the most trusting, swallowing whole and without supporting evidence the idea that open source software is inherently secure because so many eyes are supposedly examining it. i wonder which "technically literate"

Re: Heartbleed

2014-04-10 Thread Bruce Walker
it Visser wrote: >>> Sometimes you get what you pay for. Certainly puts a dent in the >>> peer-reviewed code is more secure mantra. >>> >>> Gerrit >>> >>> -Original Message- >>> From: PDML [mailto:pdml-boun...@pdml.net] On Behalf

Re: Heartbleed

2014-04-10 Thread Bob W-PDML
code is more secure mantra. >> >> Gerrit >> >> -Original Message----- >> From: PDML [mailto:pdml-boun...@pdml.net] On Behalf Of Darren Addy >> Sent: Thursday, April 10, 2014 1:50 PM >> To: Pentax-Discuss Mail List >> Subject: Re: Heartbleed >>

Re: Heartbleed

2014-04-10 Thread Bruce Walker
> Sometimes you get what you pay for. Certainly puts a dent in the > peer-reviewed code is more secure mantra. > > Gerrit > > -Original Message- > From: PDML [mailto:pdml-boun...@pdml.net] On Behalf Of Darren Addy > Sent: Thursday, April 10, 2014 1:50 PM > To: Penta

Re: Heartbleed

2014-04-10 Thread Bob W-PDML
On 10 Apr 2014, at 17:55, "steve harley" wrote: > > on 2014-04-10 10:29 Darren Addy wrote >> What the HeartBleed Attack Really Means: >> http://www.newyorker.com/online/blogs/elements/2014/04/the-internets-telltale-heartbleed.html > > it's amusing to see the media rush to explain Heartbleed; per

Re: Heartbleed

2014-04-10 Thread steve harley
on 2014-04-10 14:27 John Sessoms wrote It's four guys who don't get paid for it. They're all volunteers. i suspect they are paid, as time to contribute to community software is often a standard part of a developer's compensation; sometimes employees are recruited specifically because of the o

Re: Heartbleed

2014-04-10 Thread John Sessoms
the proprietary. On Thu, Apr 10, 2014 at 1:51 PM, Gerrit Visser wrote: Sometimes you get what you pay for. Certainly puts a dent in the peer-reviewed code is more secure mantra. Gerrit -Original Message- From: PDML [mailto:pdml-boun...@pdml.net] On Behalf Of Darren Addy Sent: Thursday, A

Re: Heartbleed

2014-04-10 Thread Darren Addy
rtainly puts a dent in the > peer-reviewed code is more secure mantra. > > Gerrit > > -Original Message- > From: PDML [mailto:pdml-boun...@pdml.net] On Behalf Of Darren Addy > Sent: Thursday, April 10, 2014 1:50 PM > To: Pentax-Discuss Mail List > Subject: Re: H

RE: Heartbleed

2014-04-10 Thread Gerrit Visser
Sometimes you get what you pay for. Certainly puts a dent in the peer-reviewed code is more secure mantra. Gerrit -Original Message- From: PDML [mailto:pdml-boun...@pdml.net] On Behalf Of Darren Addy Sent: Thursday, April 10, 2014 1:50 PM To: Pentax-Discuss Mail List Subject: Re

Re: Heartbleed

2014-04-10 Thread Darren Addy
I found a local internet service provider (and web host) that was vulnerable and alerted them. Interesting that this DOES NOT affect the Windows web server (IIS). Probably the first time in history that IIS web admins are happy that they manage a Microsoft product. On Thu, Apr 10, 2014 at 12:02 P

Re: Heartbleed

2014-04-10 Thread Darren Addy
That's a very good point Steve. (I generally consider anything that I haven't already thought of as a Good Point). : ) Now who in the world do we think might have the resources to store huge amounts of encrypted internet traffic? [COUGH! nsa COUGH!] http://www.buzzfeed.com/charliewarzel/the-nsa-an

Re: Heartbleed

2014-04-10 Thread steve harley
on 2014-04-10 10:29 Darren Addy wrote What the HeartBleed Attack Really Means: http://www.newyorker.com/online/blogs/elements/2014/04/the-internets-telltale-heartbleed.html it's amusing to see the media rush to explain Heartbleed; perhaps it will increase technical literacy and cause an approp

Re: Heartbleed

2014-04-10 Thread John Sessoms
I'm not using Chrome. I was already disturbed with how intrusive Google has become before the whole thing started. On 4/10/2014 12:31 PM, steve harley wrote: on 2014-04-10 7:55 Bruce Walker wrote That site has been swamped with requests and times-out before returning an answer. But this articl

Re: Heartbleed

2014-04-10 Thread steve harley
on 2014-04-10 7:55 Bruce Walker wrote That site has been swamped with requests and times-out before returning an answer. But this article lists common sites and their vulnerability or not: http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/ if you use Chrome you can add this exte

Re: Heartbleed

2014-04-10 Thread Darren Addy
What the HeartBleed Attack Really Means: http://www.newyorker.com/online/blogs/elements/2014/04/the-internets-telltale-heartbleed.html On Thu, Apr 10, 2014 at 11:24 AM, John Sessoms wrote: > Be nice if that was in a printable format. > > I am *NOT* happy with *ANY* computers, computer companies

Re: Heartbleed

2014-04-10 Thread John Sessoms
Be nice if that was in a printable format. I am *NOT* happy with *ANY* computers, computer companies or software of any way shape or form this morning. On 4/10/2014 9:55 AM, Bruce Walker wrote: That site has been swamped with requests and times-out before returning an answer. But this article

Re: Heartbleed

2014-04-10 Thread Darren Addy
It appears that way if you put the whole URL in there. REMOVE the "http://"; or the "https://"; add the ":443" after the domain if you want to be sure to test the SSL (which is the whole point of this exercise) I think you'll find response is quite quick if you leave off the https:// On Thu, Apr

Re: Heartbleed

2014-04-10 Thread Bruce Walker
That site has been swamped with requests and times-out before returning an answer. But this article lists common sites and their vulnerability or not: http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/ On Wed, Apr 9, 2014 at 11:11 AM, Darren Addy wrote: > If you want to test your

Re: Heartbleed

2014-04-09 Thread Darren Addy
If you want to test your bank's web site (for example), just replace the domain name here: http://filippo.io/Heartbleed/ I believe you either need to begin the URL with https: OR leave the :443 (port number) in that field. Assuming they are running SSL on standard port. On Wed, Apr 9, 2014 at 1

Re: Heartbleed

2014-04-08 Thread David Mann
My server is fine as well. Glad I had been procrastinating with an upgrade, now I have an excuse to wait a bit longer :D Cheers, Dave On Apr 9, 2014, at 3:20 am, Tim Bray wrote: > Yeah, you’re right; e.g. my own tbray.org server is fine because it’s > been up for 1080 days and has openssl 0.9

Re: Heartbleed

2014-04-08 Thread Mark C
Looks like this has hit the mainstream news and is a pretty big deal. We heard it here first - thanks Tim! My own website has some sort of SSL cert but I don't use it... I'm more worried about my bank's website! Mark On 4/7/2014 8:13 PM, Tim Bray wrote: In the unlikely event that any of y

Re: Heartbleed

2014-04-08 Thread Mark Roberts
Bob W-PDML wrote: >Should have gone with http://www.houyhnhnm.com. Seems obvious really. Their original choice, I'll admit, was none too swift. -- Mark Roberts - Photography & Multimedia www.robertstech.com -- PDML Pentax-Discuss Mail List PDML@pdml.net http://pdml.net/mailman/listinfo/p

Re: Heartbleed

2014-04-08 Thread Bob W-PDML
Should have gone with http://www.houyhnhnm.com. Seems obvious really. B > On 8 Apr 2014, at 20:23, "Mark Roberts" wrote: > > http://www.cnet.com/news/heartbleed-bug-undoes-web-encryption-reveals-user-passwords/ > > Apparently some damage already done with the leaking of passwords. > Unsurprisi

Re: Heartbleed

2014-04-08 Thread Mark Roberts
http://www.cnet.com/news/heartbleed-bug-undoes-web-encryption-reveals-user-passwords/ Apparently some damage already done with the leaking of passwords. Unsurprisingly, they're the passwords from a large Internet company whose name rhymes with "wahoo".

Re: Heartbleed

2014-04-08 Thread Igor Roshchin
Tue Apr 8 11:20:38 EDT 2014 Tim Bray wrote: > My estimation of NSA's cleverness is a little lower than yours, ... you mean they are even more stupid than I? ;-) Cheers, Igor

Re: Heartbleed

2014-04-08 Thread Igor Roshchin
Tue Apr 8 13:39:40 EDT 2014 steve harley > on 2014-04-08 8:51 Igor Roshchin wrote > > Strictly speaking it is not a "zero-day", as it was introduced in the > > version 1.0.1, and the earlier versions are not vulnerable. > > it does seem to be a zero-day threat; zero-day refers to the timing of

Re: Heartbleed

2014-04-08 Thread steve harley
on 2014-04-08 8:51 Igor Roshchin wrote Strictly speaking it is not a "zero-day", as it was introduced in the version 1.0.1, and the earlier versions are not vulnerable. it does seem to be a zero-day threat; zero-day refers to the timing of the announcement rather than to what versions of softw

Re: Heartbleed

2014-04-08 Thread John Sessoms
I ask about the credit cards, because I went on-line yesterday to buy repair parts for one of my lawn-care power tools & paid for the parts with a credit card. That was before I saw your original post. On 4/8/2014 11:40 AM, Tim Bray wrote: It’s potentially much, much worse than that. They inc

Re: Heartbleed

2014-04-08 Thread John Sessoms
The NSA ain't all that clever, but some of the contractors they hire might be. On 4/8/2014 11:20 AM, Tim Bray wrote: Yeah, you’re right; e.g. my own tbray.org server is fine because it’s been up for 1080 days and has openssl 0.9.8. My estimation of NSA’s cleverness is a little lower than yours

Re: Heartbleed

2014-04-08 Thread Mark Roberts
David J Brooks wrote: >how do you know what version one has. My firefox is SSL 3 This is for web servers, Dave, not web browsers.

Re: Heartbleed

2014-04-08 Thread David J Brooks
how do you know what version one has. My firefox is SSL 3 Dave On Mon, Apr 7, 2014 at 8:13 PM, Tim Bray wrote: > In the unlikely event that any of you run https-enabled web sites and > haven't visited heartbleed.com today, get thee over there post-haste > and find out what version of OpenSSL you

Re: Heartbleed

2014-04-08 Thread Tim Bray
It’s potentially much, much worse than that. They include the signing keys that web sites use to make "https:" addresses work. So the bad guys can in principle pretend to be https://your-bank.com and steal not just your credit card number but everything. Note that not every bank would have been

Re: Heartbleed

2014-04-08 Thread John Sessoms
Do those secrets include CREDIT CARD DATA from on-line purchases? On 4/8/2014 1:53 AM, Tim Bray wrote: Summary: A programming error allows bad guys to steal secrets on a HUGE number of websites; geeks are working late all over the internet closing the barn doors. We won’t know for a while how

Re: Heartbleed

2014-04-08 Thread Tim Bray
Yeah, you’re right; e.g. my own tbray.org server is fine because it’s been up for 1080 days and has openssl 0.9.8. My estimation of NSA’s cleverness is a little lower than yours, I bet it was a surprise to them too. Someone should ask Snowden ;) On Tue, Apr 8, 2014 at 7:51 AM, Igor Roshchin wro

Re: Heartbleed

2014-04-08 Thread Igor Roshchin
Tim, Thanks a lot for the heads-up. Apparently, I saw it here before I saw it through the "proper" channels. Strictly speaking it is not a "zero-day", as it was introduced in the version 1.0.1, and the earlier versions are not vulnerable. (I haven't seen any discussion of this yet, but I wouldn

Re: Heartbleed

2014-04-07 Thread Tim Bray
Summary: A programming error allows bad guys to steal secrets on a HUGE number of websites; geeks are working late all over the internet closing the barn doors. We won’t know for a while how bad the damage has been. On Mon, Apr 7, 2014 at 7:14 PM, John Sessoms wrote: > Just out of curiosity for

Re: Heartbleed

2014-04-07 Thread John Sessoms
Just out of curiosity for the rest of us ... WTF? On 4/7/2014 8:13 PM, Tim Bray wrote: In the unlikely event that any of you run https-enabled web sites and haven’t visited heartbleed.com today, get thee over there post-haste and find out what version of OpenSSL you’re running and consider repla