[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Fsuk-manchester] Heads up - OpenSSL vulnerability HEARTBLEED

From: Jon Spriggs
Subject: [Fsuk-manchester] Heads up - OpenSSL vulnerability HEARTBLEED
Date: Wed, 9 Apr 2014 12:00:28 +0100

I don't know if any of you follow the Security news, but there's a major issue doing the rounds at the moment in the OpenSSL library (used notably in HTTPS, but also in all sorts of other unexpected places, such as VPN software, Radius servers and Instant Messengers). It has been vulnerable since ~2011 when OpenSSL 1.0.1 was released. See http://heartbleed.com

If you have an HTTPS based site, you might want to check against your server using this tool: http://filippo.io/Heartbleed/

OpenVPN is affected, and under certain circumstances, FreeRadius is too. Some routers, switches, VPN terminators and firewalls may be affected - either via their web interfaces, or by using insecure libraries for internal processes. You should subscribe to at least any security mailing lists for any critical software and infrastructure you're using for your business or social sites (which is how I started hearing about this lot).

Jon "The Nice Guy" Spriggs

reply via email to

[Prev in Thread] Current Thread [Next in Thread]