re: Jim's post from yesterday. From the Full Disclosure list: On Sat, Jun 7, 2014, at 02:04 PM, Craig Young wrote: Yeah, definitely not in the same ballpark as heartbleed fortunately. I have posted a detection script on the Tripwire blog to identify servers permitting the early CCS: http://www.tripwire.com/state-of-security/incident-detection/detection-scrip... It should detect potentially vulnerable hosts with a variety of configurations. Thanks, Craig
Hello, I'm inviting whoever wants to, and is interested in doing so, to add to this guide on openssl issues (which probably given the pace of openssl developments, is very likely not up to par with where it should be for humans to read and benefit meaningfully from it). It's focused on benefiting open source operating system users and throws some tidbits in for Mac/OSX folks as well. Please feel free to make pull request to change it if it needs change, addition, whatever, at: https://github.com/btcfoundationedcom/btcfoundationedcom.github.io/blob/mast... If interested in other sorts of participation (including if you want to join the repo as collaborator), please see the blog at: https://github.com/btcfoundationedcom/btcfoundationedcom.github.io/blob/mast... and the readme at: https://github.com/btcfoundationedcom/btcfoundationedcom.github.io Cheers!
participants (2)
-
Odinn Cyberguerrilla -
shelley@misanthropia.info