[RndTbl] OpenSSL: patch it now!

Trevor Cordes trevor at tecnopolis.ca
Thu Apr 10 18:04:18 CDT 2014


Most people have probably heard about this already, but if not, *patch 
your OpenSSL now!* and restart your daemons.

CVE-2014-0160

http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/

For some reason you (sometimes) have to reload that page a few times 
before it actually loads.

This is the worst bug I've seen in like 10 years, insofar as you may have 
been compromised already, but you don't (can't!) know it and they may be 
sitting there with your keys, waiting to actually make use of them at a 
later date.

From how I read it, the only way to be safe & sure is to make a new CSR 
and buy a new SSL cert?  Or are the cert vendors going to offer a "redo" 
for free?
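
[Added example, not part of the original post: one way to check the "restart your daemons" step on Linux. After the package upgrade replaces libssl/libcrypto on disk, a process that was not restarted still has the old file mapped, and the kernel marks that mapping "(deleted)" in /proc/<pid>/maps. The function names and the sample library filename are assumptions made for illustration.]

```shell
#!/bin/sh
# Find processes that still map a pre-upgrade copy of OpenSSL.
#
# Constructed example of the kind of /proc/<pid>/maps line this looks for:
#   7f3a10000000-7f3a10062000 r-xp 00000000 08:01 1234 /usr/lib64/libssl.so.10 (deleted)

# Reads maps-format text on stdin; succeeds if any libssl or libcrypto
# mapping is marked "(deleted)", i.e. the file was replaced after load.
has_stale_openssl() {
    grep -Eq '/lib(ssl|crypto)[^ /]*\.so[^ /]* \(deleted\)$'
}

# Walks a proc-style tree (default /proc) and prints "<pid> <name>" for
# every process that needs a restart. Run as root to see all processes;
# unreadable or already-exited processes are skipped.
scan_proc() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if has_stale_openssl < "$maps"; then
            pid=${maps%/maps}
            pid=${pid##*/}
            name=$(cat "$root/$pid/comm" 2>/dev/null) || name='?'
            printf '%s %s\n' "$pid" "$name"
        fi
    done
    return 0
}

# Stand-alone use: sh thisfile.sh --scan
if [ "${1:-}" = "--scan" ]; then
    scan_proc
fi
```

An empty result only means no running process holds a replaced library file; it says nothing about whether keys were exposed before the upgrade.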

