Re: [lopsa-tech] Heartbleed for the desktop

2014-04-10 Thread der.hans
On 10 Apr 2014, David Blank-Edelman chatted thus: moin moin, evidence of Heartbleed attack in November doesn't reduce the scope for me... It does ratchet up the chants of "change all the passwords". :) Any recommendations for the desktop? I'm giving a presentation tonight and would rather n

Re: [lopsa-tech] Heartbleed for the desktop

2014-04-10 Thread Starchy
On 04/10/2014 10:28 AM, David Blank-Edelman wrote: > On Apr 10, 2014, at 1:24 PM, Phil Pennock wrote: > >> Someone looking at their packet capture logs showing scans in March >> 2014: >> >> http://www.seacat.mobi/blog/heartbleed > > Followup to that one on EFF's site: > > https://www.eff.org/dee

Re: [lopsa-tech] Heartbleed for the desktop

2014-04-10 Thread David Blank-Edelman
On Apr 10, 2014, at 1:24 PM, Phil Pennock wrote: > Someone looking at their packet capture logs showing scans in March > 2014: > > http://www.seacat.mobi/blog/heartbleed Followup to that one on EFF's site: https://www.eff.org/deeplinks/2014/04/wild-heart-were-intelligence-agencies-using-heartbl

Re: [lopsa-tech] Heartbleed for the desktop

2014-04-10 Thread Phil Pennock
On 2014-04-10 at 01:01 -0700, der.hans wrote: > The bug has been around a couple of years, but thus far I haven't seen any > claims that it was being exploited before the announcement went public. Claims of exploits being detected in November 2013. http://arstechnica.com/security/2014/04/heartble

[lopsa-tech] Heartbleed for the desktop

2014-04-10 Thread der.hans
moin moin, OK, now that everyone has really, really committed to better automating the rollout of new keys... What about the desktop side? Apparently browsers except Chrome don't use OpenSSL and Chrome has heartbeat disabled, but a web site attack might have revealed credentials, browser cookies