Heho,
Yes, the one Christof posted; I was somehow expecting everyone had gotten those
notifications over the past weeks.
Referring to the Malwaretech blog, making exactly my point:
"Likelihood of exploitation
Give the fact the vulnerability is primarily client-side, requires the
malicious certi
On Tue, Nov 01, 2022 at 06:25:49PM +0100, Jaroslaw Rafa via mailop wrote:
> Dnia 1.11.2022 o godz. 17:46:26 Tobias Fiebig via mailop pisze:
> > So mail might be one of the few cases where the OpenSSL bug is relevant
> > (even though not many run their MTAs on Ubuntu 22.04 or similar, I guess;
> >
Dnia 1.11.2022 o godz. 17:46:26 Tobias Fiebig via mailop pisze:
> So mail might be one of the few cases where the OpenSSL bug is relevant
> (even though not many run their MTAs on Ubuntu 22.04 or similar, I guess;
> Docker world might be different, no clue what mailcow is doing).
Could you provid
Heho,
Just as a side note/PSA in case people missed this; While the Internet is
moving towards a 'well, that OpenSSL bug was not t bad; It would need
either a malicious server with a _signed_ cert (or cert checks being disabled),
OR a malicious client and the use of cert-auth' perspective...