It's going to be a bad week for SysAdmin...

-> Jake

On Tue, Apr 8, 2014 at 9:25 AM, Erik Anderson <erikerik at gmail.com> wrote:

> I'm guessing I'm not the only one that was up late patching systems to
> mitigate this security disaster. :(
>
> I've been thinking through all of the various vulnerabilities we've seen
> in my career, and I'm not sure I can think of one that is as potentially
> damaging as this one is.
>
> For those that haven't heard, the Heartbleed[1] OpenSSL bug was announced
> yesterday. In short, it's a bug in the TLS heartbeat functionality that
> allows any party to remotely read any accessible memory contents in the
> affected systems. Meaning that your private keys, session keys, etc. have
> all potentially been compromised.
>
> So, if you're running a linux server with an application that uses TLS and
> you have OpenSSL versions 1.0.1 = 1.0.1f, you're vulnerable and need to
> respond appropriately: patch openssl and libssl, regenerate private keys,
> get new SSL certs issued/installed, etc. It's been a fun 18 hours. :)
>
> -Erik
>
> [1]: http://heartbleed.com/
>
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
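
As an added example (not part of the original thread or of OpenSSL): a shell function for triaging hosts by the string `openssl version` prints, assuming the affected range is 1.0.1 through 1.0.1f with 1.0.1g as the first fixed release. The function name and the sample strings are constructed for illustration.

```shell
#!/bin/sh
# Classify an OpenSSL version string as "affected", "not-affected" or "unknown".
# Assumption: affected upstream releases are 1.0.1 and 1.0.1a..1.0.1f.
# Distribution packages can carry a backported fix without changing the
# upstream letter, so strings with packaging or beta suffixes are reported
# as "unknown" and need a look at the package changelog instead.
classify_openssl() {
    # First whitespace-separated token that starts like a dotted version.
    ver=$(printf '%s\n' "$1" | tr ' ' '\n' \
          | grep -E '^[0-9]+\.[0-9]+\.[0-9]+' | head -n 1)
    if [ -z "$ver" ]; then
        echo unknown
        return 0
    fi
    ver=${ver%-fips}              # "1.0.1e-fips" is the same code base
    case "$ver" in
        *[-+~]*)            echo unknown ;;       # beta or package revision
        1.0.1|1.0.1[abcdef]) echo affected ;;
        1.0.1[a-z])         echo not-affected ;;  # 1.0.1g and later letters
        1.0.1*)             echo unknown ;;
        *)                  echo not-affected ;;  # other release branches
    esac
    return 0
}

# Constructed sample strings, one per line, to show the three outcomes.
demo() {
    while IFS= read -r line; do
        printf '%-34s %s\n' "$line" "$(classify_openssl "$line")"
    done <<'EOF'
OpenSSL 1.0.1e 11 Feb 2013
OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL 1.0.1g 7 Apr 2014
OpenSSL 0.9.8y 5 Feb 2013
1.0.1e-2+deb7u4
EOF
}

demo
# Check the binary on this host, if one is installed.
if command -v openssl >/dev/null 2>&1; then
    printf 'local: %s\n' "$(classify_openssl "$(openssl version)")"
fi
```

An "affected" result only covers the library the `openssl` binary reports; applications that bundle or statically link their own copy have to be checked separately.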