This is serious. While IDS/IPS may be programmed to detect it, at this
point it is too late because the hacker has already obtained the keys to
the kingdom. Just had a security code development seminar today with
contracted pen-testers and this was a very hot topic. If Heartbeat is
enabled on
Patches have been released overnight for:
CentOS 6.x:
http://lists.centos.org/pipermail/centos-announce/2014-April/020249.html
RHEL 6.x: https://access.redhat.com/security/cve/CVE-2014-0160
https://rhn.redhat.com/errata/RHSA-2014-0376.html
Debian 7/Wheezy, 6/Squeeze via the security repo (make
moin moin,
Based on the following page:
OpenSSL heartbeat is enabled even if you're not using it unless you
disabled it at compile time.
The vulnerability has been in place for two years (version 1.0.1 up until
1.0.1g that was just released).
It can be exploited to reveal your private key
thanks for the heads up!
:-)~MIKE~(-:
On Mon, Apr 7, 2014 at 1:57 PM, der.hans pl...@lufthans.com wrote:
moin moin,
Based on the following page:
OpenSSL heartbeat is enabled even if you're not using it unless you
disabled it at compile time.
The vulnerability has been in place for two