[General] Heartbleed Vulnerability

Hunter Fuller hfuller at pixilic.com
Wed Apr 9 20:32:40 CDT 2014


I do not know of other free services. The good news is that, if you hate
them, then, due to the way SSL is done, you are in no way tied to their
product. I do not have any further advice but don't see any reason not to
use their service because they are bad people (as per TFA); it's not like
I'm giving them money, and SSL is kinda broken inherently anyway.

But still, screw them for acting that way.

If you find a good cheap service, let me know.

--
Hunter Fuller




On Wed, Apr 9, 2014 at 3:04 PM, Arthur <Arthur at cd-net.net> wrote:

> Thanks for the recommendation of StartSSL. Unfortunately, I just found
> this article:
>
> http://www.techdirt.com/articles/20140409/11442426859/shameful-security-startcom-charges-people-to-revoke-ssl-certs-vulnerable-to-heartbleed.shtml
>
> Basically, the company is acting like EA or Bank of America.
> While I'll go with them if I have to, do you have any other
> recommendations?
>
>
> On Tue, Apr 8, 2014 at 3:29 PM, Hunter Fuller <hfuller at pixilic.com> wrote:
>
>> Home routers likely use it but they don't have any secure services
>> running usually. Cisco IOS is not vulnerable.
>>
>> For certs, StartSSL is cheap or free, depending on your usage.
>>
>> -- Hunter Fuller
>> On Apr 8, 2014 2:19 PM, "Arthur" <Arthur at cd-net.net> wrote:
>>
>>> Does anyone have any idea about embedded devices like routers.
>>> For instance, does Cisco IOS use openssl?  How about home routers?
>>>
>>> Oh well, it was about time for me to get a new ssl cert anyways.  Can
>>> anyone recommend somewhere cheap?
>>> Because yeah, not only do you need to patch, you need to* revoke your
>>> old certs*.  That's how bad this is.
>>>
>>>
>>> On Tue, Apr 8, 2014 at 2:55 PM, Hunter Fuller <hfuller at pixilic.com>wrote:
>>>
>>>> I wanted everyone to know about this if they didn't already.
>>>>
>>>> http://heartbleed.com/
>>>> proof of concept: https://www.mattslifebytes.com/?p=533
>>>>
>>>> Even if you don't give a shit about computer security, please, please
>>>> take note of this. There are sites around the Web that are leaking
>>>> credentials like a sieve. UAH services were patched as of ~3am, however,
>>>> okcupid is still leaking credentials. I would advise not logging into okc,
>>>> or anything non-critical, until you can verify it's been patched.
>>>>
>>>> Surf safe.
>>>>
>>>> --
>>>> Hunter Fuller
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> General mailing list
>>>> General at lists.makerslocal.org
>>>> http://lists.makerslocal.org/mailman/listinfo/general
>>>>
>>>
>>>
>>>
>>> --
>>> Sincerely,
>>> Arthur Moore
>>> (256) 277-1001
>>>
>>> _______________________________________________
>>> General mailing list
>>> General at lists.makerslocal.org
>>> http://lists.makerslocal.org/mailman/listinfo/general
>>>
>>
>> _______________________________________________
>> General mailing list
>> General at lists.makerslocal.org
>> http://lists.makerslocal.org/mailman/listinfo/general
>>
>
>
>
> --
> Sincerely,
> Arthur Moore
> (256) 277-1001
>
> _______________________________________________
> General mailing list
> General at lists.makerslocal.org
> http://lists.makerslocal.org/mailman/listinfo/general
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.makerslocal.org/pipermail/general/attachments/20140409/0b6f94a9/attachment.html>


More information about the General mailing list