On 2014-04-13, Eduardo M KALINOWSKI <[email protected]> wrote:
> On 20h20 12 de Abril de 2014, Steve Litt wrote:
>> I'm changing every password: That's about 100 of them.
>
> That's a good thing to do, but only after the server has patched
> openssl and changed its certificate. Otherwise someone could have
> captured the private key and other information that could be used to
> eavesdrop your newly changed password.

This online tester:

http://possible.lv/tools/hb/

provides this sort of output in the critical case:

ext 65281 (renegotiation info, length=1)
ext 00011 (EC point formats, length=4)
ext 00035 (session ticket, length=0)
ext 00015 (heartbeat, length=1) <-- Your server supports heartbeat. Bug
is possible when linking against OpenSSL 1.0.1f or older. Let me check.
Actively checking if CVE-2014-0160 works: Your server appears to be
patched against this bug.

Checking your certificate
Certificate has been reissued since the 0day. Good. <-- Have you
changed the passwords?

