[Cialug] CentOS SSL

Josh Reichardt josh.reichardt at gmail.com
Thu Apr 10 09:10:14 CDT 2014


So if people had been abusing the vulnerability prior to the
announcement to collect information on various systems, would it also be
safe to assume that you should change passwords as well after patching and
reissuing certs?

On Wednesday, April 9, 2014, Crouse <crouse at usalug.net> wrote:

> https://www.ssllabs.com/ssltest/index.html  It's been hammered pretty hard,
> but it gives back good info.
>
>
> On Wed, Apr 9, 2014 at 8:53 PM, Josh More <jmore at starmind.org> wrote:
>
> > There's some concern in the security community that some of the new SSL
> > check sites that have appeared are collecting data for less than honourable
> > purposes.
> >
> > No proof that I know of, but a lot of suspicion.
> >
> > -Josh
> >
> >
> > On Wed, Apr 9, 2014 at 8:50 PM, Brett Neese <brett at brettneese.com> wrote:
> >
> > > I like this website better: http://privatekeycheck.com/
> > >
> > > Brett Neese
> > > 563-210-3459
> > >
> > >
> > >
> > > On Thu, Apr 10, 2014 at 9:47 AM, Brian Broughton <brian-broughton at mchsi.com> wrote:
> > >
> > > > Found this Ruby script to test your devices or servers for this issue
> > > >
> > > > https://github.com/emboss/heartbeat
> > > >
> > > > What do you all think, does this produce valid results?
> > > >
> > > > Sent from my HTC One on the Verizon Wireless 4G LTE network
> > > >
> > > > ----- Reply message -----
> > > > From: "Josh More" <jmore at starmind.org>
> > > > To: "Central Iowa Linux Users Group" <cialug at cialug.org>
> > > > Subject: [Cialug] CentOS SSL
> > > > Date: Wed, Apr 9, 2014 8:36 PM
> > > >
> > > > Yep.
> > > >
> > > > Should be here by 3pm tomorrow:
> > > > https://www.sans.org/webcasts/archive/2014
> > > >
> > > > Also, there's a test PCAP here if you want to play: http://bit.ly/0FErmw
> > > >
> > > > And a test Python script here: http://bit.ly/1ksnuLe
> > > >
> > > > -Josh
> > > >
> > > >
> > > >
> > > > On Wed, Apr 9, 2014 at 8:31 PM, Brian Broughton <brian-broughton at mchsi.com> wrote:
> > > >
> > > > > For those who sat in on this presentation, I was interrupted several
> > > > > times during the presentation, anybody get the address where the webinar
> > > > > is going to be shared from?
> > > > >
> > > > > -----Original Message-----
> > > > > From: cialug-bounces at cialug.org [mailto:cialug-bounces at cialug.org] On Behalf Of Daniel A. Ramaley
> > > > > Sent: Wednesday, April 09, 2014 5:57 PM
> > > > > To: Josh More
> > > > > Cc: Central Iowa Linux Users Group
> > > > > Subject: Re: [Cialug] CentOS SSL
> > > > >
> > > > > That's probably enough of a starting point for what I need to argue.
> > > > > Thank you!
> > > > >
> > > > > On 2014-04-09 at 17:53:02 Josh More wrote:
> > > > > > I don't have anything public, though some might be released at
> > > > > > tonight's SANS webcast.  (https://www.sans.org/webcasts/openssl-heartbleed-vulnerability-98105)
> > > > > >
> > > > > > There has been a lot of discussion on several private security lists.
> > > > > > Signatures are being written for the common IDS systems (Tipping Point
> > > > > > and SourceFire are mostly what are being discussed) and people have
> > > > > > been going through their saved packet captures.  Many are reporting
> > > > > > tons



-- 
Josh Reichardt
Web: thepracticalsysadmin.com | about.me <http://about.me/jmreicha>

