For Systems Administrators who missed this broadcast live, it is also available via a recorded webcast.
I most highly recommend that if you are in charge of any server that is vulnerable to heartbleed (in CentOS terms, that is anyone with SSL/TLS services and CentOS-6.5 installed) that you absolutely make time to watch and understand this video. It is 1 hour and 12 minutes long. Watch this ... Do it. Note: It does require a SANs Login .. you should have one anyway :) On 04/09/2014 12:44 PM, Connie Sieh wrote: > For even more information about "Heartbleed". > > -Connie Sieh > > ---------- Forwarded message ---------- > Date: Wed, 9 Apr 2014 12:27:54 -0500 > From: The SANS Institute <newsbi...@sans.org> > Subject: FLASH NewsBites - Heartbleed Open SSL Vulnerability > > FLASH NewsBites - Heartbleed Open SSL Vulnerability > > FLASH NewsBites are issued only when a security event demands global and > immediate action. The HeartBleed Open SSL vulnerability fits that > description. > > Proof: More than 200 students at SANS 2014 in Orlando this week spent 2 > hours in a briefing on Heartbleed last night after full days of classes. > This one matters. > > Tonight at 8:15 SANS faculty member Jake Williams will present a > briefing explaining the HeartBleed vulnerability and what it means to > you. Jake says: "Another 24 hours have passed since the initial > presentation and we know more about what is vulnerable and what isn't. > Even if you attended the short presentation last night at #SANS2014, > this is a don't miss event." > > Jake will cover the actual structure of the vulnerability, methods for > detection, and what you need to do (both as a systems admin and an end > user). Jake will also perform live demos against a vulnerable server so > you see first hand what can be exposed. Finally, we'll be releasing > packet captures containing the exploit (suitable for testing your IDS > rules). > > Register at: > https://www.sans.org/webcasts/openssl-heartbleed-vulnerability-98105 > > Jake Williams, a principal consultant at CSRgroup Computer Security > Consultants, has over a decade of experience in secure network design, > penetration testing, incident response, forensics, and malware reverse > engineering. Prior to joining CSRgroup, he worked with various > government agencies in information security roles. > > Jake has twice won the annual DC3 Digital Forensics Challenge and has > spoken at several regional ISSA meetings, Shmoocon, and the DC3 > Conference, as well as numerous US government conferences. > > Jake is currently pursuing a PhD in Computer Science where he is > researching new techniques for botnet detection. His research interests > include protocol analysis, binary analysis, malware RE methods, > subverting the security of cloud technologies, and methods for > identifying malware Command and Control (C2) techniques. > > _______________________________________________ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos >
signature.asc
Description: OpenPGP digital signature
_______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
