Re: [tor-talk] [cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL

2014-04-07 Thread grarpamp
> http://heartbleed.com/ > > The Heartbleed Bug is a serious vulnerability in the popular OpenSSL > cryptographic software library. This weakness allows stealing the > information protected, under normal conditions, by the SSL/TLS encryption > used to secure the Internet. SSL/TLS provides communica

Re: [tor-talk] [cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL

2014-04-07 Thread Damian Johnson
>> http://heartbleed.com/ >> ... > > Patch your stuff. Indeed. Please see... https://blog.torproject.org/blog/openssl-bug-cve-2014-0160

Re: [tor-talk] [cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL

2014-04-08 Thread Joe Btfsplk
On 4/7/2014 6:14 PM, grarpamp wrote: http://heartbleed.com/ The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet

Re: [tor-talk] [cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL

2014-04-08 Thread grarpamp
On Tue, Apr 8, 2014 at 2:02 PM, Joe Btfsplk wrote: >> On 4/7/2014 6:14 PM, grarpamp wrote: >> http://heartbleed.com/ >> Patch your stuff. > Comments / suggestions from those w/ in depth knowledge in this area? How > users should proceed; how to check if sites used (banks, email, retail > sites,

Re: [tor-talk] [cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL

2014-04-08 Thread Joe Btfsplk
On 4/8/2014 4:25 PM, grarpamp wrote: On Tue, Apr 8, 2014 at 2:02 PM, Joe Btfsplk wrote: On 4/7/2014 6:14 PM, grarpamp wrote: http://heartbleed.com/ Patch your stuff. Comments / suggestions from those w/ in depth knowledge in this area? How users should proceed; how to check if sites used (ban

Re: [tor-talk] [cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL

2014-04-09 Thread Joe Btfsplk
On 4/8/2014 5:24 PM, Joe Btfsplk wrote: On 4/8/2014 4:25 PM, grarpamp wrote: https://blog.torproject.org/ covers what to do for Tor things. For everything else on the net, fix the clients and servers you're responsible for. Then... You're right, there's a big gotcha in all this, users won't r

Re: [tor-talk] [cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL

2014-04-09 Thread Andrew F
Would be interesting if someone created an app to test for the problem and then published which big websites are slow to upgrade. That would certainly be good for consumers. On Wed, Apr 9, 2014 at 9:57 AM, Joe Btfsplk wrote: > On 4/8/2014 5:24 PM, Joe Btfsplk wrote: > >> On 4/8/2014 4:25 PM, gr

Re: [tor-talk] [cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL

2014-04-09 Thread Christopher J. Walters
On 4/9/2014 12:57 PM, Joe Btfsplk wrote: On 4/8/2014 5:24 PM, Joe Btfsplk wrote: On 4/8/2014 4:25 PM, grarpamp wrote: https://blog.torproject.org/ covers what to do for Tor things. .snip. http://s3.jspenguin.org/ssltest.py https://gist.github.com/takeshixx/10107280 https://github.com/FiloSot

Re: [tor-talk] [cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL

2014-04-09 Thread Jann Horn
On Wed, Apr 09, 2014 at 02:29:19PM -0400, Christopher J. Walters wrote: > It seems no one wants to talk or hear about this issue. It is not > being reported on media sites or anywhere else, other than the > Heartbleed site, and the OpenSSL lists. And FD... and arstechnica... and Heise... > This

Re: [tor-talk] [cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL

2014-04-09 Thread Christopher J. Walters
On 4/9/2014 3:04 PM, Michael Wolf wrote: On 4/9/2014 2:29 PM, Christopher J. Walters wrote: This bug has been a known issue for about 2 years, and we are only now learning about it. The bug has existed for about 2 years, but was not a "known issue" before the last week or so. (Excluding, of

Re: [tor-talk] [cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL

2014-04-09 Thread Christopher J. Walters
On 4/9/2014 2:49 PM, Jann Horn wrote: On Wed, Apr 09, 2014 at 02:29:19PM -0400, Christopher J. Walters wrote: It seems no one wants to talk or hear about this issue. It is not being reported on media sites or anywhere else, other than the Heartbleed site, and the OpenSSL lists. And FD... and

Re: [tor-talk] [cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL

2014-04-09 Thread Michael Wolf
On 4/9/2014 2:29 PM, Christopher J. Walters wrote: > This bug has been a known issue for about 2 years, and we are only now > learning about it. The bug has existed for about 2 years, but was not a "known issue" before the last week or so. (Excluding, of course, criminals and such who may have f

Re: [tor-talk] [cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL

2014-04-09 Thread Jann Horn
On Wed, Apr 09, 2014 at 03:07:11PM -0400, Christopher J. Walters wrote: > On 4/9/2014 3:04 PM, Michael Wolf wrote: > >On 4/9/2014 2:29 PM, Christopher J. Walters wrote: > > > >>This bug has been a known issue for about 2 years, and we are only now > >>learning about it. > > > >The bug has existed f

Re: [tor-talk] [cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL

2014-04-09 Thread Joe Btfsplk
On 4/9/2014 12:36 PM, Andrew F wrote: Would be interesting if someone created an app to test for the problem and then published which big websites are slow to upgrade. that would certainly be good for consumers. Well, one website sorta has. They seem to have more extensive testing for overall s

Re: [tor-talk] [cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL

2014-04-09 Thread Joe Btfsplk
On 4/9/2014 1:29 PM, Christopher J. Walters wrote: It seems no one wants to talk or hear about this issue. It is not being reported on media sites or anywhere else, other than the Heartbleed site, and the OpenSSL lists It's all over the internet, when I look in Ixquick / Startpage. Possible t

Re: [tor-talk] [cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL

2014-04-09 Thread Watson Ladd
On Wed, Apr 9, 2014 at 5:43 PM, Joe Btfsplk wrote: > On 4/9/2014 1:29 PM, Christopher J. Walters wrote: >> >> It seems no one wants to talk or hear about this issue. It is not being >> reported on media sites or anywhere else, other than the Heartbleed site, >> and the OpenSSL lists > > It's all o

Re: [tor-talk] [cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL

2014-04-10 Thread grarpamp
On Wed, Apr 9, 2014 at 2:29 PM, Christopher J. Walters > > It makes me wonder if the NSA was involved in inserting this bug into > OpenSSL clients and servers. That would be 2+ years of amazing win on NSA part [1]. Any unlikely impropriety would come out soon. More likely reality... opensource pe

Re: [tor-talk] [cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL

2014-04-10 Thread grarpamp
On Wed, Apr 9, 2014 at 12:57 PM, Joe Btfsplk wrote: > As of late morning, 4/9/14, one of my banks (takes > 1 to hold all my $ :D) > still hasn't patched it. Well I did say "you have to trust they did... sometime during the falloff curve". Unfortunately some ride till the tail end of long curves w

Re: [tor-talk] [cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL

2014-04-11 Thread grarpamp
On Fri, Apr 11, 2014 at 9:37 AM, Cathal Garvey (Phone) wrote: > It'd be hard to hide an insertion if the devs all dig into the hashes of > commits of their own local repos and compare, right? Even a broken hash > would require changing input, so they could go an extra step and verify each > commit