re: Jim's post from yesterday. From the Full Disclosure list:
On Sat, Jun 7, 2014, at 02:04 PM, Craig Young wrote:
Yeah, definitely not in the same ballpark as heartbleed fortunately.
I have posted a detection script on the Tripwire blog to identify servers permitting the early CCS: http://www.tripwire.com/state-of-security/incident-detection/detection-scrip...
It should detect potentially vulnerable hosts with a variety of configurations.
Thanks, Craig
On Jun 6, 2014 3:36 AM, "P Vixie" wrote:
This does not appear to be the same panic level as the previous patch. In other words the previous openssl vuln was worse than the instability of all-night patching. This one is not. Take time to roll out right.
On June 5, 2014 7:51:50 AM PDT, Jordan Urie wrote:
Ladies and Gentlemen,
There's an MITM in there, and a potential for buffer over-runs.
Patch up :-)
Jordan
--
Jordan R. Urie
UP Technology Consulting, Inc. 1129 - 177A St. SW Edmonton, AB T6W 2A1 Phone:
www.uptech.ca
_______________________________________________ Sent through the Full Disclosure mailing list
Web Archives & RSS:
-- Sent from my Android phone with K-9 Mail. Please excuse my brevity.
Hello,
I'm inviting whoever wants to, and is interested in doing so, to add to this guide on openssl issues (which probably given the pace of openssl developments, is very likely not up to par with where it should be for humans to read and benefit meaningfully from it). It's focused on benefiting open source operating system users and throws some tidbits in for Mac/OSX folks as well.
Please feel free to make a pull request to change it if it needs change, addition, whatever, at: https://github.com/btcfoundationedcom/btcfoundationedcom.github.io/blob/mast...
If interested in other sorts of participation (including if you want to join the repo as collaborator), please see the blog at: https://github.com/btcfoundationedcom/btcfoundationedcom.github.io/blob/mast... and the readme at: https://github.com/btcfoundationedcom/btcfoundationedcom.github.io
Cheers!
participants (2): Odinn Cyberguerrilla, shelley@misanthropia.info