[LUNA] heartbleed

Jared Wilkinson jared52 at gmail.com
Thu Apr 10 10:30:09 CDT 2014


Only 1.0.1 had the bug. 0.9.8 and 1.0.0 don't.


On Thu, Apr 10, 2014 at 10:26 AM, Bob Nance <bob.nance at novationsys.com>wrote:

> ALL versions of OpenSSL had the bug.
>
> There is no way to track that the bug was triggered.
>
> It did not require you to actually access or authenticate to the system in
> any way.
>
> The bug, basically, did a memory dump of the running system (as I
> understand it).
>
> So, it must be assumed that EVERY OpenSSL implementation was being
> triggered every few minutes since the dawn of time.
>
> Yes, it¹s that bad.
>
>
> --
>  Bob Nance
>
>  Novation Systems
>  256-534-4620; 227
>
>
>
>
>
> On 4/10/14, 6:54 AM, "Allen Krell" <allen.krell at gmail.com> wrote:
>
> >I am just picking up on news stories on the 'heartbleed' problem.   Is it
> >really as serious as some sites are saying?  Almost every website, every
> >password compromised?
> >
> >Allen
> >-------------- next part --------------
> >An HTML attachment was scrubbed...
> >URL:
> ><
> http://lunagroup.us/pipermail/luna/attachments/20140410/8b113ad5/attachme
> >nt.html>
> >_______________________________________________
> >LUNA mailing list
> >LUNA at lunagroup.us
> >http://lunagroup.us/mailman/listinfo/luna
>
> _______________________________________________
> LUNA mailing list
> LUNA at lunagroup.us
> http://lunagroup.us/mailman/listinfo/luna
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lunagroup.us/pipermail/luna/attachments/20140410/1ae7e862/attachment.html>


More information about the LUNA mailing list