[57north-discuss] Heartbleed (was: LastPass)

[Iain R. Learmonth]

An interesting bit of stuff from an email on the bitfolk-users list[1]: the
vulnerability is in openssl. If you're on Debian, that means that you can
just upgrade libssl and everything is happy. On other platforms you could
end up with convinience copies of libraries or static binaries and such so
do check your POP/IMAP/LDAP/RADIUS servers and anything else that can use
SSL not just your Apache server.

[1]: http://lists.bitfolk.com/lurker/message/20140411.185406.8009aff8.en.html

Iain.

On Thu, Apr 10, 2014 at 12:02:23PM +0100, Iain R. Learmonth wrote:
> On Thu, Apr 10, 2014 at 11:34:00AM +0100, Richard Scott wrote:
> > https://lastpass.com/heartbleed/
> 
> More useful: http://filippo.io/Heartbleed/
> 
> This site actually checks that it can exploit your server so you know when
> you're patched.
> 
> Our site was patched shortly after the vulnerability was announced by Tom.
> It's nice to see that the members of the space were concerned about the
> security of our main public presence.
> 
> Iain.
> 
> P.S. Richard - Please clear the In-Reply-To header on your emails if you're
> going to start a new thread by replying to an email in another thread.
> 
> -- 
> urn:x-human:Iain R. Learmonth
> http://iain.learmonth.me/
> mailto:irl at fsfe.org
> xmpp:irl at jabber.fsfe.org
> tel:+447875886930
> 
> GPG Fingerprint: 1F72 607C 5FF2 CCD5 3F01 600D 56FF 9EA4 E984 6C49
> Please verify out-of-band before trusting with sensitive information.
> 
> [[[ To any GCHQ or other security service agents reading my email: ]]]
> [[[ Please consider if any professional body code of conduct to    ]]]
> [[[ which you subscribe requires you to follow Snowden's example.  ]]]
> [[[ Your professional membership, chartered or incorporated status ]]]
> [[[ may be at risk.                                                ]]]
> 



> _______________________________________________
> 57north-discuss mailing list
> 57north-discuss at lists.57north.co
> http://lists.57north.co/listinfo/57north-discuss


-- 
urn:x-human:Iain R. Learmonth
http://iain.learmonth.me/
mailto:irl at fsfe.org
xmpp:irl at jabber.fsfe.org
tel:+447875886930

GPG Fingerprint: 1F72 607C 5FF2 CCD5 3F01 600D 56FF 9EA4 E984 6C49
Please verify out-of-band before trusting with sensitive information.

[[[ To any GCHQ or other security service agents reading my email: ]]]
[[[ Please consider if any professional body code of conduct to    ]]]
[[[ which you subscribe requires you to follow Snowden's example.  ]]]
[[[ Your professional membership, chartered or incorporated status ]]]
[[[ may be at risk.                                                ]]]

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.57north.co/pipermail/57north-discuss/attachments/20140412/2821dea1/attachment.sig>