Re: [Ledger-smb-users] My Assessment of the Heartbleed OpenSSL bug and LedgerSMB

2014-04-11 Thread Chris Travers
On Fri, Apr 11, 2014 at 4:37 PM, Rich Shepard wrote: > On Fri, 11 Apr 2014, Richard Hector wrote: > > > Heartbleed isn't a problem with the encryption though; the encryption > > didn't get broken. Any protocol could probably potentially suffer from a > > buffer overflow due to a bug in the softwar

Re: [Ledger-smb-users] My Assessment of the Heartbleed OpenSSL bug and LedgerSMB

2014-04-11 Thread Rich Shepard
On Fri, 11 Apr 2014, Richard Hector wrote: > Heartbleed isn't a problem with the encryption though; the encryption > didn't get broken. Any protocol could probably potentially suffer from a > buffer overflow due to a bug in the software. Given this one leaked info > from the server process, who's

Re: [Ledger-smb-users] My Assessment of the Heartbleed OpenSSL bug and LedgerSMB

2014-04-11 Thread ario
On Fri, 11 Apr 2014 19:15:00 +1200 Richard Hector wrote: > On 11/04/14 09:41, ario wrote: > > On Thu, 10 Apr 2014 19:04:27 +0200 > > Pongrácz István wrote: > > > >> > What if they implemented this "feature" to be able to get > >> > information without trace? : > > Then they would have succ

Re: [Ledger-smb-users] My Assessment of the Heartbleed OpenSSL bug and LedgerSMB

2014-04-11 Thread Richard Hector
On 11/04/14 09:41, ario wrote: > On Thu, 10 Apr 2014 19:04:27 +0200 > Pongrácz István wrote: > >> > What if they implemented this "feature" to be able to get information >> > without trace? : > Then they would have succeeded spectacularly with us thinking "there is > a bug" in OpenSSL. > >

Re: [Ledger-smb-users] My Assessment of the Heartbleed OpenSSL bug and LedgerSMB

2014-04-10 Thread ario
On Thu, 10 Apr 2014 19:04:27 +0200 Pongrácz István wrote: > What if they implemented this "feature" to be able to get information > without trace? : Then they would have succeeded spectacularly with us thinking "there is a bug" in OpenSSL. My preferred backup encryption scheme still would

Re: [Ledger-smb-users] My Assessment of the Heartbleed OpenSSL bug and LedgerSMB

2014-04-10 Thread Pongrácz István
What if they implemented this "feature" to be able to get information without trace? : original message - From: "ario" ledger-smb-us...@infopower.nl To: ledger-smb-users@lists.sourceforge.net Date: Thu, 10 Apr 2014 15:01:46 + ---

Re: [Ledger-smb-users] My Assessment of the Heartbleed OpenSSL bug and LedgerSMB

2014-04-10 Thread ario
If I were the NSA or GCHQ, I would have _loved_ to have dropped the developer into the OpenSSL team that coded this 'mistake'. :) ario On Thu, 10 Apr 2014 01:14:07 -0700 Chris Travers wrote: > Hi everyone, > > Many of you may have heard of the recent severe OpenSSL vulnerability > discovered

Re: [Ledger-smb-users] My Assessment of the Heartbleed OpenSSL bug and LedgerSMB

2014-04-10 Thread Chris Travers
On Thu, Apr 10, 2014 at 3:49 AM, Peter van Bussel wrote: > Ouch! > > > To be clear, we aren't directly affected. The attack is against a web server and there may be plenty of possible and supported configurations that are not affected. However, this is a serious situation even if it is not in ou

Re: [Ledger-smb-users] My Assessment of the Heartbleed OpenSSL bug and LedgerSMB

2014-04-10 Thread Peter van Bussel
Ouch! Peter From: Chris Travers [mailto:chris.trav...@gmail.com] Sent: Thursday 10 April 2014 10:14 To: Development discussion for LedgerSMB; LedgerSMB Users; LedgerSMB Subject: [Ledger-smb-users] My Assessment of the Heartbleed OpenSSL bug and LedgerSMB Hi everyone, Many

[Ledger-smb-users] My Assessment of the Heartbleed OpenSSL bug and LedgerSMB

2014-04-10 Thread Chris Travers
Hi everyone, Many of you may have heard of the recent severe OpenSSL vulnerability discovered which allows an attacker significant access to a web server's internal memory. I wanted to share my assessment here as to how this impacts LedgerSMB, what mitigation and recovery measures I would recomme
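The thread above talks about Heartbleed both as "a buffer overflow due to a bug in the software" that "leaked info from the server process" (Richard Hector's reply) and as a bug that "allows an attacker significant access to a web server's internal memory" (Chris Travers' original assessment). Neither message shows the mechanism, so here is an added example, written for this page and not code from LedgerSMB, OpenSSL or any poster. It models the heartbeat handler pattern behind CVE-2014-0160: the vulnerable version copies as many bytes as the request's own length field claims, the fixed version first checks that claim against the byte count the record layer actually received (the shape of the check added in OpenSSL 1.0.1g). The "arena", the secret string and the request contents are all constructed so that the over-read stays inside one allocated buffer and the program runs offline; in a real process the bytes behind the record would be whatever the allocator happened to place there.

```c
/*
 * Model of the Heartbleed over-read (CVE-2014-0160). Not OpenSSL code:
 * a simplified heartbeat handler over a constructed memory arena.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARENA_SIZE 256
#define HB_REQUEST 1
#define HB_RESPONSE 2
#define HB_PADDING 16   /* RFC 6520: at least 16 bytes of padding */

/* Hypothetical server memory: request record followed by other data. */
static unsigned char arena[ARENA_SIZE];

/*
 * Lay out a heartbeat request at the start of the arena:
 *   type(1) | payload_length(2, big-endian) | payload | padding(16)
 * followed by a constructed secret. claimed_len goes into the length
 * field; actual_len is how many payload bytes were really sent. Returns
 * the record length as the TLS record layer would report it. Keep
 * claimed_len below ARENA_SIZE - 3 so the model stays inside the arena.
 */
size_t build_request(uint16_t claimed_len, const char *payload,
                     size_t actual_len, const char *secret)
{
    memset(arena, 0, sizeof arena);
    arena[0] = HB_REQUEST;
    arena[1] = (unsigned char)(claimed_len >> 8);
    arena[2] = (unsigned char)(claimed_len & 0xff);
    memcpy(arena + 3, payload, actual_len);
    size_t rec_len = 3 + actual_len + HB_PADDING;   /* padding is zero */
    memcpy(arena + rec_len, secret, strlen(secret));
    return rec_len;
}

/* Build the response: 3-byte header, n payload bytes, padding. */
static size_t write_response(const unsigned char *payload, size_t n,
                             unsigned char *out)
{
    out[0] = HB_RESPONSE;
    out[1] = (unsigned char)(n >> 8);
    out[2] = (unsigned char)(n & 0xff);
    memcpy(out + 3, payload, n);
    memset(out + 3 + n, 0, HB_PADDING);
    return 3 + n + HB_PADDING;
}

/* Vulnerable pattern: trust the length field, ignore rec_len. */
size_t handle_vulnerable(const unsigned char *rec, size_t rec_len,
                         unsigned char *out)
{
    (void)rec_len;                      /* the bug: never consulted */
    uint16_t payload_len = (uint16_t)((rec[1] << 8) | rec[2]);
    return write_response(rec + 3, payload_len, out);
}

/* Fixed pattern: reject if header + claimed payload + padding exceeds
 * what was actually received. Returns 0 and writes nothing if so. */
size_t handle_fixed(const unsigned char *rec, size_t rec_len,
                    unsigned char *out)
{
    if (rec_len < 3) return 0;
    uint16_t payload_len = (uint16_t)((rec[1] << 8) | rec[2]);
    if ((size_t)1 + 2 + payload_len + HB_PADDING > rec_len) return 0;
    return write_response(rec + 3, payload_len, out);
}

/* Does the response carry the bytes that sat behind the request? */
int response_leaks(const unsigned char *out, size_t out_len, const char *secret)
{
    size_t n = strlen(secret);
    for (size_t i = 3; i + n <= out_len; i++)
        if (memcmp(out + i, secret, n) == 0) return 1;
    return 0;
}

/* Constructed scenario: 2-byte payload, length field claims 64. */
static const char *SECRET = "session=0xdeadbeef";   /* constructed */

int scenario_vulnerable_leaks(void)
{
    unsigned char out[ARENA_SIZE + 3 + HB_PADDING];
    size_t rec_len = build_request(64, "hi", 2, SECRET);
    size_t n = handle_vulnerable(arena, rec_len, out);
    return response_leaks(out, n, SECRET);          /* 1: secret leaked */
}

size_t scenario_fixed_response_len(uint16_t claimed_len)
{
    unsigned char out[ARENA_SIZE + 3 + HB_PADDING];
    size_t rec_len = build_request(claimed_len, "hi", 2, SECRET);
    return handle_fixed(arena, rec_len, out);       /* 0 if rejected */
}

int main(void)
{
    printf("vulnerable handler leaks secret: %d\n", scenario_vulnerable_leaks());
    printf("fixed handler, lying length: %zu bytes (0 = rejected)\n",
           scenario_fixed_response_len(64));
    printf("fixed handler, honest length: %zu bytes\n",
           scenario_fixed_response_len(2));
    return 0;
}
```

The point the model makes is the one raised in the thread: nothing about the cipher is broken. The peer is told, via the heartbeat response, whatever happened to sit in memory after the record, which in the real bug could include private keys, session cookies and request bodies. A lying length field (64 bytes claimed, 2 sent) is all it takes; the honest request (length 2) still works in the fixed handler.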