Not affected by Heartbleed then? Nice :)
Moderators: Blue Angel, The Fallen Ones
Not affected by Heartbleed then? Nice :)
Due to recent event I ran a check on the https version of the forum - the site seems pretty well configured, thanks Mark
Night obliterates the day and all the fun begins
The Damned - Curtain Call
Citizen of a nation otherwise populated mainly by blinded, brain damaged xenophobes
The Damned - Curtain Call
Citizen of a nation otherwise populated mainly by blinded, brain damaged xenophobes
- markandre13
- Leviathan
- Posts: 1203
- Joined: Sun Jul 19, 2009 10:47 pm
- Contact:
Re: Not affected by Heartbleed then? Nice :)
No, it's not. It's just old. OpenSSL 0.9.8.
Schneier's comments on this are also great: https://www.schneier.com/blog/archives/ ... bleed.html
Plus those quotes:
"Has anyone looked at all the low-margin non-upgradable embedded systems that use OpenSSL? An upgrade path that involves the trash, a visit to Best Buy, and a credit card isn't going to be fun for anyone."
"I'm hearing that the CAs are completely clogged, trying to reissue so many new certificates. And I'm not sure we have anything close to the infrastructure necessary to revoke half a million certificates."
And all by adding a feature to OpenSSL which makes no sense at all. Brilliant!
Well, it was about time I change my own zillion passwords anyway.
Schneier's comments on this are also great: https://www.schneier.com/blog/archives/ ... bleed.html
Plus those quotes:
"Has anyone looked at all the low-margin non-upgradable embedded systems that use OpenSSL? An upgrade path that involves the trash, a visit to Best Buy, and a credit card isn't going to be fun for anyone."
"I'm hearing that the CAs are completely clogged, trying to reissue so many new certificates. And I'm not sure we have anything close to the infrastructure necessary to revoke half a million certificates."
And all by adding a feature to OpenSSL which makes no sense at all. Brilliant!
Well, it was about time I change my own zillion passwords anyway.
"It's probably better to have him inside the tent pissing out, than outside the tent pissing in." -- Lyndon B. Johnson
Re: Not affected by Heartbleed then? Nice :)
But still scores good on ssllabs feature testmarkandre13 wrote:No, it's not. It's just old. OpenSSL 0.9.8.
Yes, that was really great, bug due to an unnecessary/useless? extension of a feature that, as far as its primary function is concerened, is redundant anywayAnd all by adding a feature to OpenSSL which makes no sense at all. Brilliant!
Night obliterates the day and all the fun begins
The Damned - Curtain Call
Citizen of a nation otherwise populated mainly by blinded, brain damaged xenophobes
The Damned - Curtain Call
Citizen of a nation otherwise populated mainly by blinded, brain damaged xenophobes
- markandre13
- Leviathan
- Posts: 1203
- Joined: Sun Jul 19, 2009 10:47 pm
- Contact:
Re: Not affected by Heartbleed then? Nice :)
Now the https connection is really hit: http://www.openssl.org/news/secadv_20140605.txt
It's also bad timing because I'm off to the WGT.
It's also bad timing because I'm off to the WGT.
"It's probably better to have him inside the tent pissing out, than outside the tent pissing in." -- Lyndon B. Johnson