fsuk-manchester
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fsuk-manchester] [phpnw] Heads up - OpenSSL vulnerability HEARTBLEE

From: Darren
Subject: Re: [Fsuk-manchester] [phpnw] Heads up - OpenSSL vulnerability HEARTBLEED
Date: Wed, 9 Apr 2014 12:13:30 +0100
Just to mention the severity of this bug incase the first reaction is to ignore it as a small issue - this bug allows anybody to read parts of the server memory. This means that any data the server handles could possibly be read including usernames and passwords, cookie data or internal application credentials.

Others have been caught out already requiring their user bases to change passwords. If you're effected don't wait to update your servers!

Darren


On Wed, Apr 9, 2014 at 12:00 PM, Jon Spriggs <address@hidden> wrote:
I don't know if any of you follow the Security news, but there's a major issue doing the rounds at the moment in the OpenSSL library (used notably in HTTPS, but also in all sorts of other unexpected places, such as VPN software, Radius servers and Instant Messengers). It has been vulnerable since ~2011 when OpenSSL 1.0.1 was released. See http://heartbleed.com

If you have an HTTPS based site, you might want to check against your server using this tool: http://filippo.io/Heartbleed/

OpenVPN is affected, and under certain circumstances, FreeRadius is too. Some routers, switches, VPN terminators and firewalls may be affected - either via their web interfaces, or by using insecure libraries for internal processes. You should subscribe to at least any security mailing lists for any critical software and infrastructure you're using for your business or social sites (which is how I started hearing about this lot).

Regards,
--
Jon "The Nice Guy" Spriggs

--
--
You received this message because you are subscribed to the Google
Groups "PHPNW" group.
Post to list: address@hidden
Unsubscribe: address@hidden
Archive: http://groups.google.com/group/phpnw?hl=en
 
PHPNW Website: http://phpnw.org.uk/
twitter: http://twitter.com/PHPNW
Events: http://upcoming.yahoo.com/group/4709/
LinkedIn: http://www.linkedin.com/e/gis/112906/3FCE41597A1B
Facebook: http://www.facebook.com/group.php?gid=17897252075
IRC: #phpnw (irc.freenode.net)

---
You received this message because you are subscribed to the Google Groups "PHPNW" group.
To unsubscribe from this group and stop receiving emails from it, send an email to address@hidden.
For more options, visit https://groups.google.com/d/optout.

reply via email to
[Prev in Thread] Current Thread [Next in Thread]