[RndTbl] OpenSSL: patch it now!

Adam Thompson athompso at athompso.net
Thu Apr 10 18:28:08 CDT 2014


Most SSL certificate providers are allowing their customers to revoke &  reissue certificates at no charge as long as none of the details (including verification method) change.
-Adam


On April 10, 2014 6:04:18 PM CDT, Trevor Cordes <trevor at tecnopolis.ca> wrote:
>Most people have probably heard about this already, but if not, *patch 
>your OpenSSL now!* and restart your daemons.
>
>CVE-2014-0160
>
>http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/
>
>For some reason you (sometimes) have to reload that page a few times 
>before it actually loads.
>
>This is the worst bug I've seen in like 10 years, insofar as you may
>have 
>been compromised already, but you don't (can't!) know it and they may
>be 
>sitting there with your keys, waiting to actually make use of them at a
>
>later date.
>
>From how I read it, the only way to be safe & sure is to make a new CSR
>
>and buy a new SSL cert?  Or are the cert vendors going to offer a
>"redo" 
>for free?
>_______________________________________________
>Roundtable mailing list
>Roundtable at muug.mb.ca
>http://www.muug.mb.ca/mailman/listinfo/roundtable

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.muug.mb.ca/pipermail/roundtable/attachments/20140410/7092f758/attachment.html>


More information about the Roundtable mailing list