I have NOT seen this alert flash across the internal APAR systems of a
couple major services companies either. I've done my best to fix what's
available to me, but that doesn't excuse the industry's lack of response to
this problem. Maybe they're waiting on CNN to show some poor mom-and-pop shop
I just talked with two admins from a well known solutions provider who didn't
know anything about these issues?
Is anyone taking this seriously?

From: lisakach...@obnosis.com
To: plug-discuss@lists.plug.phoenix.az.us
Subject: HackFest Series: OpenSSL, MD5, CA security flaws
Date: Thu, 8 Jan

I know my company sure as heck did. When all our feeds got the news on
the 30th, we were digging through all of our own certs ensuring we
didn't have an issue there. Then pushing plans to the server guys to
start looking at OpenSSL upgrades as soon as they came out.
All of the certs/listed CAs that
1) OpenSSL malformed signature checking:
http://openssl.org/news/secadv_20090107.txt
This affects a great number of products and installations.

Who is affected?
================
Everyone using OpenSSL releases prior to 0.9.8j as an SSL/TLS client
when connecting to a server whose certificate