Reply
Thread Tools
fstern is offline fstern
2014-04-08 , 08:17
Posts: 35 | Thanked: 504 times | Joined on Jan 2013 @ Germany
#1
Hi everyone,

due to recent bugs in openssl, I will upgrade openssl today on our servers. This might lead to service interruption, while services are restarted.

More infos: http://heartbleed.com/
__________________
--
We reject kings, presidents and voting.
We believe in rough consensus and running code.
- David Clark
 

The Following 23 Users Say Thank You to fstern For This Useful Post:
fstern is offline fstern
2014-04-08 , 08:45
Posts: 35 | Thanked: 504 times | Joined on Jan 2013 @ Germany
#2
openssl has been upgraded. Sorry for the inconvenience.

best,

Falk
__________________
--
We reject kings, presidents and voting.
We believe in rough consensus and running code.
- David Clark
 

The Following 23 Users Say Thank You to fstern For This Useful Post:
lma is offline lma
2014-04-09 , 00:51
Posts: 2,802 | Thanked: 4,491 times | Joined on Nov 2007
#3
Originally Posted by fstern View Post
More infos: http://heartbleed.com/
What is leaked primary key material and how to recover?

These are the crown jewels, the encryption keys themselves. Leaked secret keys allows the attacker to decrypt any past and future traffic to the protected services and to impersonate the service at will. Any protection given by the encryption and the signatures in the X.509 certificates can be bypassed. Recovery from this leak requires patching the vulnerability, revocation of the compromised keys and reissuing and redistributing new keys. Even doing all this will still leave any traffic intercepted by the attacker in the past still vulnerable to decryption. All this has to be done by the owners of the services.
(emphasis mine). Though I understand StartSSL are being somewhat less than helpful :-(


Originally Posted by fstern View Post
openssl has been upgraded. Sorry for the inconvenience.
Were the services restarted? Tests like http://filippo.io/Heartbleed/ and http://possible.lv/tools/hb/ currently report {wiki,bugs,lists}.maemo.org as vulnerable.
Last edited by lma; 2014-04-09 at 02:01.
 

The Following 18 Users Say Thank You to lma For This Useful Post:
fstern is offline fstern
2014-04-09 , 16:41
Posts: 35 | Thanked: 504 times | Joined on Jan 2013 @ Germany
#4
Originally Posted by lma View Post
(emphasis mine). Though I understand StartSSL are being somewhat less than helpful :-(

I will issue new certificates next week as our StartSSL certificates expire.


Were the services restarted? Tests like http://filippo.io/Heartbleed/ and http://possible.lv/tools/hb/ currently report {wiki,bugs,lists}.maemo.org as vulnerable.
Services were restarted, but I will recheck. Thanks for looking.

Best,

Falk
__________________
--
We reject kings, presidents and voting.
We believe in rough consensus and running code.
- David Clark
 

The Following 12 Users Say Thank You to fstern For This Useful Post:
fstern is offline fstern
2014-04-10 , 20:20
Posts: 35 | Thanked: 504 times | Joined on Jan 2013 @ Germany
#5
Somehow I apparently forgot to restart services on vcs, lists and wiki. Sorry for that.

Now all systems should be fixed.

Best,

Falk
__________________
--
We reject kings, presidents and voting.
We believe in rough consensus and running code.
- David Clark
 

The Following 15 Users Say Thank You to fstern For This Useful Post:
Reply

Tags
heartbleed, openssl

« Previous Thread | Next Thread »
Thread Tools

 
Forum Jump


All times are GMT. The time now is 19:57.

Contact Us - Home - Archive - Top