[LUNA] heartbleed
Bob Nance
bob.nance at novationsys.com
Thu Apr 10 10:39:15 CDT 2014
So, lesson learned? Stay way behind on updates and maybe you’ll avoid
being affected!
Microsoft should be all over this: “OpenSource is dangerous!”
-Bob
--
Bob Nance
Novation Systems
256-534-4620; 227
On 4/10/14, 10:31 AM, "Chris Brightwell" <chris at dimwell.net> wrote:
>Users of OS X and OS X Server, assuming they're up to date (OS X
>Mavericks,
>10.9.2), appear to be unaffected.
>
>http://www.tuaw.com/2014/04/09/why-the-openssl-heartbleed-bug-doesnt-affec
>t-os-x-or-os-x-serve/
>
>
>On Thu, Apr 10, 2014 at 10:26 AM, Bob Nance
><bob.nance at novationsys.com>wrote:
>
>> ALL versions of OpenSSL had the bug.
>>
>> There is no way to track that the bug was triggered.
>>
>> It did not require you to actually access or authenticate to the system
>>in
>> any way.
>>
>> The bug, basically, did a memory dump of the running system (as I
>> understand it).
>>
>> So, it must be assumed that EVERY OpenSSL implementation was being
>> triggered every few minutes since the dawn of time.
>>
>> Yes, it¹s that bad.
>>
>>
>>
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL:
><http://lunagroup.us/pipermail/luna/attachments/20140410/2347c836/attachme
>nt.html>
>_______________________________________________
>LUNA mailing list
>LUNA at lunagroup.us
>http://lunagroup.us/mailman/listinfo/luna
More information about the LUNA
mailing list