On Sun, Apr 13, 2014 at 12:22 PM, Brian Sherson <caretake...@gmail.com> wrote: > First question: Is SAGE notebook susceptible to the Heartbleed bug when run > with secure=True?
It depends. Yes... unless you have a new version of the openssl library. It depends a lot on how/where you built Sage and the sage notebook. Did you install the optional openssl sage package? > Secondly, if so, would any connection that attempts to exploit that bug > necessarily show up in the console? No -- that's a subtle bug - it makes it possible to steal random content from the RAM of the server without anyone being the wiser. What the exploit does with the stolen data (a private key, a password, etc.) is up to them. Heartbleed is unbelieviably stomache-churning terrifying... William > > ~Brian > > -- > You received this message because you are subscribed to the Google Groups > "sage-support" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to sage-support+unsubscr...@googlegroups.com. > To post to this group, send email to sage-support@googlegroups.com. > Visit this group at http://groups.google.com/group/sage-support. > For more options, visit https://groups.google.com/d/optout. -- William Stein Professor of Mathematics University of Washington http://wstein.org -- You received this message because you are subscribed to the Google Groups "sage-support" group. To unsubscribe from this group and stop receiving emails from it, send an email to sage-support+unsubscr...@googlegroups.com. To post to this group, send email to sage-support@googlegroups.com. Visit this group at http://groups.google.com/group/sage-support. For more options, visit https://groups.google.com/d/optout.
