[General] Heartbleed Vulnerability

Arthur Arthur at cd-net.net
Wed Apr 9 15:04:58 CDT 2014


Thanks for the recommendation of StartSSL. Unfortunately, I just found this
article:
http://www.techdirt.com/articles/20140409/11442426859/shameful-security-startcom-charges-people-to-revoke-ssl-certs-vulnerable-to-heartbleed.shtml

Basically, the company is acting like EA or Bank of America.
While I'll go with them if I have to, do you have any other recommendations?


On Tue, Apr 8, 2014 at 3:29 PM, Hunter Fuller <hfuller at pixilic.com> wrote:

> Home routers likely use it but they don't have any secure services running
> usually. Cisco IOS is not vulnerable.
>
> For certs, StartSSL is cheap or free, depending on your usage.
>
> -- Hunter Fuller
> On Apr 8, 2014 2:19 PM, "Arthur" <Arthur at cd-net.net> wrote:
>
>> Does anyone have any idea about embedded devices like routers.
>> For instance, does Cisco IOS use openssl?  How about home routers?
>>
>> Oh well, it was about time for me to get a new ssl cert anyways.  Can
>> anyone recommend somewhere cheap?
>> Because yeah, not only do you need to patch, you need to* revoke your
>> old certs*.  That's how bad this is.
>>
>>
>> On Tue, Apr 8, 2014 at 2:55 PM, Hunter Fuller <hfuller at pixilic.com>wrote:
>>
>>> I wanted everyone to know about this if they didn't already.
>>>
>>> http://heartbleed.com/
>>> proof of concept: https://www.mattslifebytes.com/?p=533
>>>
>>> Even if you don't give a shit about computer security, please, please
>>> take note of this. There are sites around the Web that are leaking
>>> credentials like a sieve. UAH services were patched as of ~3am, however,
>>> okcupid is still leaking credentials. I would advise not logging into okc,
>>> or anything non-critical, until you can verify it's been patched.
>>>
>>> Surf safe.
>>>
>>> --
>>> Hunter Fuller
>>>
>>>
>>>
>>> _______________________________________________
>>> General mailing list
>>> General at lists.makerslocal.org
>>> http://lists.makerslocal.org/mailman/listinfo/general
>>>
>>
>>
>>
>> --
>> Sincerely,
>> Arthur Moore
>> (256) 277-1001
>>
>> _______________________________________________
>> General mailing list
>> General at lists.makerslocal.org
>> http://lists.makerslocal.org/mailman/listinfo/general
>>
>
> _______________________________________________
> General mailing list
> General at lists.makerslocal.org
> http://lists.makerslocal.org/mailman/listinfo/general
>



-- 
Sincerely,
Arthur Moore
(256) 277-1001
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.makerslocal.org/pipermail/general/attachments/20140409/97f52f11/attachment.html>


More information about the General mailing list