Re: Major bug called 'Heartbleed' exposes Internet data

Posted by Owen Densmore on
URL: http://friam.383.s1.nabble.com/Fwd-Major-bug-called-Heartbleed-exposes-Internet-data-tp7585135p7585139.html

Hi Barry.  How would the private keys be exposed?  The pub/priv computation is done locally, right?

BTW: All node servers are secure due to their ssl config turning off the "heartbeat" option.  NodeWeekly:
Node 0.8.x and 0.10.2+ Not Vulnerable to Heartbleed Issue
Popular Node versions aren’t exposed to the Heartbleed vulnerability as the heartbeat extension was turned off in a Node commit a year ago. Yay.
GITHUB

   -- Owen


On Thu, Apr 10, 2014 at 9:51 AM, Barry MacKichan <[hidden email]> wrote:
It is a major PITA. Certificates on affected servers (which include Amazon EC2 Linux servers) may have had their private keys exposed, so certificates have to be reissued with different keys. This is, apparently, a major bottleneck.

—Barry




On 9 Apr 2014, at 21:23, Owen Densmore wrote:

Worth knowing about:

http://www.washingtonpost.com/news/morning-mix/wp/2014/04/09/major-bug-called-heartbleed-exposes-data-across-the-internet/

Pretty serious crypto flaw.

-- Owen


============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
