Re: OpenSSL Heartbeat Extension Vulnerability

2014-04-13 Thread Roberto Spadim
=] you are welcome 2014-04-14 3:48 GMT-03:00 Gayathri Manoj : > Thanks Roberto for the detailed information. > > > On Mon, Apr 14, 2014 at 12:07 PM, Roberto Spadim wrote: > >> more news: >> https://www.openssl.org/news/ >> >> >> 2014-04-14 3:35 GMT-03:00 Roberto Spadim : >> >> from what i know:

Re: OpenSSL Heartbeat Extension Vulnerability

2014-04-13 Thread Gayathri Manoj
Thanks Roberto for the detailed information. On Mon, Apr 14, 2014 at 12:07 PM, Roberto Spadim wrote: > more news: > https://www.openssl.org/news/ > > > 2014-04-14 3:35 GMT-03:00 Roberto Spadim : > > from what i know: >> https://www.openssl.org/news/secadv_20140407.txt >> >> OpenSSL Security Advis

Re: OpenSSL Heartbeat Extension Vulnerability

2014-04-13 Thread Roberto Spadim
more news: https://www.openssl.org/news/ 2014-04-14 3:35 GMT-03:00 Roberto Spadim : > from what i know: > https://www.openssl.org/news/secadv_20140407.txt > > OpenSSL Security Advisory [07 Apr 2014] > > > TLS heartbeat read overrun (CVE-2014-0160) > =

Re: OpenSSL Heartbeat Extension Vulnerability

2014-04-13 Thread Roberto Spadim
from what i know: https://www.openssl.org/news/secadv_20140407.txt OpenSSL Security Advisory [07 Apr 2014] TLS heartbeat read overrun (CVE-2014-0160) == A missing bounds check in the handling of the TLS heartbeat ex

OpenSSL Heartbeat Extension Vulnerability

2014-04-13 Thread Gayathri Manoj
Hi All, Please let me know if this vulnerability will affect the products which are using an openssl version less than openssl 1.0.1. Thanks, Gayathri

Re: Who uses heartbeat?

2014-04-13 Thread Roberto Spadim
The problem isn't new features; the problem is how to write tests that should find security problems and tests to find bugs. On Sunday, 13 April 2014, ag@gmail wrote: > That is the state of software industry today, so no surprises there. > Organizations who spend time and effort on fixi

Re: Heart bleed with 0.9.8 and 1.0.1

2014-04-13 Thread Jin Jiang
Hi, I think your client is vulnerable, if the attacker can touch your client. Regards, Jin On Fri, Apr 11, 2014 at 5:32 PM, cvishnuid wrote: > Hi I am having 0.9.8 open ssl libraries in my server and 1.0.1 in my > client. Am I vulnerable to heart bleed attack? Regards, Vishnu. > ---

Re: Who uses heartbeat?

2014-04-13 Thread ag@gmail
That is the state of software industry today, so no surprises there. Organizations who spend time and effort on fixing code (generic usage) are far and few in between (close to being non-existent). -Amarendra -- sent via 100% recycled electrons from my mobile command center. > On Apr 13, 2014,

Re: Who uses heartbeat?

2014-04-13 Thread Steve Marquess
On 04/13/2014 10:54 AM, Michael Ströder wrote: > ... > > A clarifying note especially to OpenSSL developers: > Many thanks for your work and I feel your pain these days. > But maybe it's the right time to think about putting two feet on the brake > pedal against the feature bloat. I heartily agre

Re: Who uses heartbeat?

2014-04-13 Thread Jeffrey Walton
>> Just to clarify any possible confusion, whether or not a piece of software >> actively uses the heartbeat makes no difference to the bug, you are still >> vulnerable simply by virtue of the feature being there. Make sure that if >> you are using an affected version of openssl, you patch openssl.

Re: Who uses heartbeat?

2014-04-13 Thread Michael Ströder
Graham Leggett wrote: > On 13 Apr 2014, at 2:04 PM, Michael Ströder wrote: >> No, it does *not* answer the question. >> >> The question was: Who is currently using it? > > Just to clarify any possible confusion, whether or not a piece of software > actively uses the heartbeat makes no difference

Re: comment on donations

2014-04-13 Thread Arne Ansper
On Fri, 11 Apr 2014, Steve Marquess wrote: Swift/IBAN electronic bank transfers as done in most of the world are difficult here, with fees. I could set up a charge card (Visa/Mastercard) merchant account, but the recurring fees for that would eat up much of what is typically received in donati

Re: Who uses heartbeat?

2014-04-13 Thread Graham Leggett
On 13 Apr 2014, at 2:04 PM, Michael Ströder wrote: > No, it does *not* answer the question. > > The question was: Who is currently using it? Just to clarify any possible confusion, whether or not a piece of software actively uses the heartbeat makes no difference to the bug, you are still vul

Re: Who uses heartbeat?

2014-04-13 Thread Michael Ströder
Graham Leggett wrote: > On 13 Apr 2014, at 12:25 PM, Hanno Böck wrote: > >> I wasn't really sure where to ask this, but I think this list is >> appropriate. >> >> While having read so much about heartbleed, one question stays >> unanswered for me all the time: >> What's the use of this heartbeat

Re: Who uses heartbeat?

2014-04-13 Thread Jeffrey Walton
On Sun, Apr 13, 2014 at 7:49 AM, Hanno Böck wrote: > On Sun, 13 Apr 2014 13:12:41 +0200 > Graham Leggett wrote: > >> On 13 Apr 2014, at 12:25 PM, Hanno Böck wrote: >> >> > Is there any software out there that does anything with heartbeat? >> > And more specifically: If there is, is it using TCP

Re: Who uses heartbeat?

2014-04-13 Thread Hanno Böck
On Sun, 13 Apr 2014 13:12:41 +0200 Graham Leggett wrote: > On 13 Apr 2014, at 12:25 PM, Hanno Böck wrote: > > > Is there any software out there that does anything with heartbeat? > > And more specifically: If there is, is it using TCP or UDP? > > The RFC answers this: No, it doesn't. My ques

Re: Who uses heartbeat?

2014-04-13 Thread Graham Leggett
On 13 Apr 2014, at 12:25 PM, Hanno Böck wrote: > I wasn't really sure where to ask this, but I think this list is > appropriate. > > While having read so much about heartbleed, one question stays > unanswered for me all the time: > What's the use of this heartbeat extension? I mean not the theor

Who uses heartbeat?

2014-04-13 Thread Hanno Böck
Hi, I wasn't really sure where to ask this, but I think this list is appropriate. While having read so much about heartbleed, one question stays unanswered for me all the time: What's the use of this heartbeat extension? I mean not the theoretical use (I can imagine that) but the use in practise.