[RndTbl] OpenSSL: patch it now!
athompso at athompso.net
Thu Apr 10 18:28:08 CDT 2014
Most SSL certificate providers are allowing their customers to revoke & reissue certificates at no charge as long as none of the details (including verification method) change.
On April 10, 2014 6:04:18 PM CDT, Trevor Cordes <trevor at tecnopolis.ca> wrote:
>Most people have probably heard about this already, but if not, *patch
>your OpenSSL now!* and restart your daemons.
>For some reason you (sometimes) have to reload that page a few times
>before it actually loads.
>This is the worst bug I've seen in like 10 years, insofar as you may
>been compromised already, but you don't (can't!) know it and they may
>sitting there with your keys, waiting to actually make use of them at a
>From how I read it, the only way to be safe & sure is to make a new CSR
>and buy a new SSL cert? Or are the cert vendors going to offer a
>Roundtable mailing list
>Roundtable at muug.mb.ca
Sent from my Android device with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Roundtable