moin moin, Based on the following page:
OpenSSL heartbeat is enabled even if you're not using it unless you disabled it at compile time. The vulnerability has been in place for two years ( version 1.0.1 up until 1.0.1g that was just released ). It can be exploited to reveal your private key without leaving a trace. IDS can probably be configured to detect the attack. http://heartbleed.com/ ciao, der.hans -- # http://www.LuftHans.com/ http://www.LuftHans.com/Classes/ # "The first requisite of a good citizen in this republic of ours is that # he should be able and willing to pull his weight." -- Theodore Roosevelt --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
