
Not affected by Heartbleed then? Nice :)

Posted: Thu Apr 10, 2014 8:00 pm
by Enoch
Due to recent events I ran a check on the https version of the forum - the site seems pretty well configured, thanks Mark :)

Re: Not affected by Heartbleed then? Nice :)

Posted: Fri Apr 11, 2014 3:46 am
by markandre13
No, it's not. It's just old. OpenSSL 0.9.8. :lol:

Schneier's comments on this are also great: https://www.schneier.com/blog/archives/ ... bleed.html

Plus those quotes:

"Has anyone looked at all the low-margin non-upgradable embedded systems that use OpenSSL? An upgrade path that involves the trash, a visit to Best Buy, and a credit card isn't going to be fun for anyone."

"I'm hearing that the CAs are completely clogged, trying to reissue so many new certificates. And I'm not sure we have anything close to the infrastructure necessary to revoke half a million certificates."


And all by adding a feature to OpenSSL which makes no sense at all. Brilliant!

Well, it was about time I changed my own zillion passwords anyway.

Re: Not affected by Heartbleed then? Nice :)

Posted: Mon May 12, 2014 11:12 pm
by Enoch
markandre13 wrote: "No, it's not. It's just old. OpenSSL 0.9.8. :lol:"
But still scores well on the ssllabs feature test ;)
markandre13 wrote: "And all by adding a feature to OpenSSL which makes no sense at all. Brilliant!"
Yes, that was really great, a bug due to an unnecessary/useless? extension of a feature that, as far as its primary function is concerned, is redundant anyway :mrgreen:

Re: Not affected by Heartbleed then? Nice :)

Posted: Thu Jun 05, 2014 4:34 pm
by markandre13
Now the https connection is really hit: http://www.openssl.org/news/secadv_20140605.txt
It's also bad timing because I'm off to the WGT.