re: Jim's post from yesterday. From the Full Disclosure list: On Sat, Jun 7, 2014, at 02:04 PM, Craig Young wrote: Yeah, definitely not in the same ballpark as heartbleed fortunately. I have posted a detection script on the Tripwire blog to identify servers permitting the early CCS: http://www.tripwire.com/state-of-security/incident-detection/detection-scrip... It should detect potentially vulnerable hosts with a variety of configurations. Thanks, Craig
On Jun 6, 2014 3:36 AM, "P Vixie" <> wrote:
This does not appear to be the same panic level as the previous patch. In other words the previous openssl vuln was worse than the instability of all-night patching. This one is not. Take time to roll out right.
On June 5, 2014 7:51:50 AM PDT, Jordan Urie <> wrote:
Ladies and Gentlemen,
There's an MITM in there, and a potential for buffer over-runs.
Patch up :-)
Jordan
--
Jordan R. Urie
UP Technology Consulting, Inc. 1129 - 177A St. SW Edmonton, AB T6W 2A1 Phone:
www.uptech.ca
_______________________________________________ Sent through the Full Disclosure mailing list
Web Archives & RSS:
-- Sent from my Android phone with K-9 Mail. Please excuse my brevity.
_______________________________________________ Sent through the Full Disclosure mailing list
Web Archives & RSS:
_______________________________________________ Sent through the Full Disclosure mailing list
Web Archives & RSS: