On 14/04/14 19:49, Curt wrote: > On 2014-04-14, Richard Hector <rich...@walnut.gen.nz> wrote: >> >> This one, on the other hand, was generally not predicted, and was widely >> exploited before people got a chance to fix it. That's presumably still >> going on. > > Widely exploited? > > http://en.wikipedia.org/wiki/Heartbleed > > Possible exploitation prior to disclosure > > Many major web sites patched or disabled the bug within days of > its announcement,[30] but it is unclear whether potential attackers were > aware of > it earlier and to what extent it was exploited. Based on examinations of > audit logs > by researchers, it has been reported that some attackers may have exploited > the > flaw for at least five months before discovery and announcement.[31][32] > Errata > Security has partially rejected this hypothesis,[33] whereas the Department > of > Homeland Security believes that as of April 11, "there have not been any > reported > attacks or malicious incidents involving this particular vulnerability > confirmed". > >
Thanks Curt. People please don't panic, when in doubt disbelieve the journalistic hype. Despite what some "journalists" would have you believe (I'm looking at you, the aptly named Ben Grubb) it's still safe to use the internet. For a short and reliable guide to the problem and it's effects read:- http://www.licquia.org/archives/2014/04/13/my-heart-bleeds-or-whats-going-on-with-heartbleed/ http://heartbleed.com/ Affected applications:- https://www.openssl.org/related/apps.html Kind regards -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/534be6dc.9060...@gmail.com
