[LUNA] heartbleed

John Price jp_luna at gcfl.net
Thu Apr 10 10:44:12 CDT 2014


If it wasn't open source it would be this time next year before we knew
about it.
On Apr 10, 2014 10:39 AM, "Bob Nance" <bob.nance at novationsys.com> wrote:

> So, lesson learned? Stay way behind on updates and maybe you'll avoid
> being affected!
>
> Microsoft should be all over this: "OpenSource is dangerous!"
>
> -Bob
>
>
> --
>  Bob Nance
>
>  Novation Systems
>  256-534-4620; 227
>
>
>
>
>
> On 4/10/14, 10:31 AM, "Chris Brightwell" <chris at dimwell.net> wrote:
>
> >Users of OS X and OS X Server, assuming they're up to date (OS X
> >Mavericks,
> >10.9.2), appear to be unaffected.
> >
> >
> http://www.tuaw.com/2014/04/09/why-the-openssl-heartbleed-bug-doesnt-affec
> >t-os-x-or-os-x-serve/
> >
> >
> >On Thu, Apr 10, 2014 at 10:26 AM, Bob Nance
> ><bob.nance at novationsys.com>wrote:
> >
> >> ALL versions of OpenSSL had the bug.
> >>
> >> There is no way to track that the bug was triggered.
> >>
> >> It did not require you to actually access or authenticate to the system
> >>in
> >> any way.
> >>
> >> The bug, basically, did a memory dump of the running system (as I
> >> understand it).
> >>
> >> So, it must be assumed that EVERY OpenSSL implementation was being
> >> triggered every few minutes since the dawn of time.
> >>
> >> Yes, it¹s that bad.
> >>
> >>
> >>
> >-------------- next part --------------
> >An HTML attachment was scrubbed...
> >URL:
> ><
> http://lunagroup.us/pipermail/luna/attachments/20140410/2347c836/attachme
> >nt.html>
> >_______________________________________________
> >LUNA mailing list
> >LUNA at lunagroup.us
> >http://lunagroup.us/mailman/listinfo/luna
>
> _______________________________________________
> LUNA mailing list
> LUNA at lunagroup.us
> http://lunagroup.us/mailman/listinfo/luna
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lunagroup.us/pipermail/luna/attachments/20140410/f8812646/attachment.html>


More information about the LUNA mailing list