The follow-on links are pretty good too.

   -- Owen


On Thu, Apr 10, 2014 at 10:20 AM, Joshua Thorp <jos...@stigmergic.net> wrote:

> according to
> https://www.schneier.com/blog/archives/2014/04/heartbleed.html
>
> http://security.stackexchange.com/questions/55382/heartbleed-read-only-the-next-64k-and-hyping-the-threat
>
> apparently the bug gives access to a 64K chunk of RAM on the server.  The
> private key might be in that chunk, but probably won't be...  however you
> will get different chunks over time so if you wait long enough you might
> end up with a chunk that has a private key or someone's password.
>
> --joshua
>
> On Apr 10, 2014, at 10:05 AM, Owen Densmore <o...@backspaces.net> wrote:
>
> Hi Barry.  How would the private keys be exposed?  The pub/priv
> computation is done locally, right?
>
> BTW: All node servers are secure due to their ssl config turning off the
> "heartbeat" option.  NodeWeekly:
> Node 0.8.x and 0.10.2+ Not Vulnerable to Heartbleed Issue
> <http://nodeweekly.us1.list-manage1.com/track/click?u=0618f6a79d6bb9675f313ceb2&id=48089106bd&e=5de03852bb>
> -- Popular Node versions aren't exposed to the Heartbleed vulnerability
> <http://nodeweekly.us1.list-manage.com/track/click?u=0618f6a79d6bb9675f313ceb2&id=f4a4a00af1&e=5de03852bb>
> as the heartbeat extension was turned off in a Node commit a year ago. Yay.
> *GITHUB*
>
>    -- Owen
>
>
> On Thu, Apr 10, 2014 at 9:51 AM, Barry MacKichan <
> barry.mackic...@mackichan.com> wrote:
>
>> It is a major PITA. Certificates on affected servers (which include
>> Amazon EC2 Linux servers) may have had their private keys exposed, so
>> certificates have to be reissued with different keys. This is, apparently,
>> a major bottleneck.
>>
>> --Barry
>>
>>
>>
>>
>> On 9 Apr 2014, at 21:23, Owen Densmore wrote:
>>
>>  Worth knowing about:
>>>
>>> http://www.washingtonpost.com/news/morning-mix/wp/2014/04/09/major-bug-called-heartbleed-exposes-data-across-the-internet/
>>>
>>> Pretty serious crypto flaw.
>>>
>>> -- Owen
>>>
>>> ============================================================
>>> FRIAM Applied Complexity Group listserv
>>> Meets Fridays 9a-11:30 at cafe at St. John's College
>>> to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
>>>
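
The 64K over-read Joshua describes above, as an added example that is not part of the original thread: a heartbeat echo handler that trusts the sender's claimed payload length, beside the length-checked form. The arena, the function names and the "SECRET-KEY-MATERIAL" marker are constructed for illustration, and the unchecked read is clamped to the arena so the demo itself stays in bounds.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed stand-in for server memory; one array keeps the demo in bounds. */
#define ARENA_SIZE 256
static uint8_t arena[ARENA_SIZE];

/* Heartbeat layout: type(1) | payload_length(2, big endian) | payload | padding(>=16).
   Both constructed requests carry a 4-byte payload; the first claims 200 bytes. */
static const uint8_t lying_req[23]  = {0x01, 0x00, 0xC8, 'p', 'i', 'n', 'g'};
static const uint8_t honest_req[23] = {0x01, 0x00, 0x04, 'p', 'i', 'n', 'g'};

void arena_setup(const uint8_t *record, size_t record_len) {
    memset(arena, 0, sizeof arena);
    memcpy(arena, record, record_len);
    memcpy(arena + 64, "SECRET-KEY-MATERIAL", 19);  /* constructed neighbour data */
}

/* Before: echoes as many bytes as the sender claims to have sent. */
size_t echo_unchecked(size_t record_len, uint8_t *out) {
    (void)record_len;                        /* received size is never consulted */
    size_t claimed = ((size_t)arena[1] << 8) | arena[2];
    if (claimed > ARENA_SIZE - 3) claimed = ARENA_SIZE - 3;  /* demo-only clamp */
    memcpy(out, arena + 3, claimed);
    return claimed;
}

/* After: drop the message unless header + payload + padding fit the record. */
size_t echo_checked(size_t record_len, uint8_t *out) {
    if (record_len < 1 + 2 + 16) return 0;
    size_t claimed = ((size_t)arena[1] << 8) | arena[2];
    if (1 + 2 + claimed + 16 > record_len) return 0;
    memcpy(out, arena + 3, claimed);
    return claimed;
}

int leaks_secret(const uint8_t *buf, size_t n) {
    for (size_t i = 0; i + 6 <= n; i++)
        if (memcmp(buf + i, "SECRET", 6) == 0) return 1;
    return 0;
}

int main(void) {
    uint8_t out[ARENA_SIZE];
    arena_setup(lying_req, sizeof lying_req);
    size_t n = echo_unchecked(sizeof lying_req, out);
    printf("unchecked: %zu bytes, secret leaked: %d\n", n, leaks_secret(out, n));
    printf("checked:   %zu bytes\n", echo_checked(sizeof lying_req, out));
    return 0;
}
```

Which neighbouring bytes come back depends on where the record happens to sit in memory, which is why repeated requests return different chunks.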
