NYLXS Mailing Lists and Archives
NYLXS Members have a lot to say and share but we don't keep many secrets. Join the Hangout Mailing List and say your piece.

DATE 2014-04-01

HANGOUT

MESSAGE
DATE 2014-04-08
FROM Ruben Safir
SUBJECT [NYLXS - HANGOUT] openssl security hole
http://www.bbc.com/news/technology-26935905

8 April 2014 Last updated at 07:05 ET
Scramble to fix huge 'heartbleed' security bug
[Image: Screengrab from Heartbleed page. Caption: The researchers who discovered the bug publicised their findings via the web]

A bug in software used by millions of web servers could have exposed
anyone visiting sites they hosted to spying and eavesdropping, say
researchers.

The bug is in a software library used in servers, operating systems and
email and instant messaging systems.

Called OpenSSL the software is supposed to protect sensitive data as it
travels back and forth.

It is not clear how widespread exploitation of the bug has been because
attacks leave no trace.

"If you need strong anonymity or privacy on the internet, you might want
to stay away from the internet entirely for the next few days while
things settle," said a blog entry about the bug published by the Tor
Project which produces software that helps people avoid scrutiny of
their browsing habits.

'Serious' vulnerability

A huge swathe of the web could be vulnerable because OpenSSL is used in
the widely used Apache and Nginx server software. Statistics from net
monitoring firm Netcraft suggest that about 500,000 of the web's secure
servers are running versions of the vulnerable software.

"It's the biggest thing I've seen in security since the discovery of SQL
injection," said Ken Munro, a security expert at Pen Test Partners. SQL
injection is a way to extract information from the databases behind web
sites and services using specially crafted queries.

Many firms were scrambling to apply patches to vulnerable programs and
others had shut down services while fixes were being worked on, he said.
Many were worried that with proof of concept code already being shared
it would only be a matter of time before cyber thieves started
exploiting the vulnerability.

Mojang, maker of the hugely popular Minecraft game, took all its
services offline while Amazon, which it uses to host games, patched its
systems.

The bug in OpenSSL was discovered by researchers working for Google and
security firm Codenomicon.

In a blog entry about their findings the researchers said the "serious
vulnerability" allowed anyone to read chunks of memory in servers
supposedly protected with the flawed version of OpenSSL. Via this route,
attackers could get at the secret keys used to scramble data as it
passes between a server and its users.

"This allows attackers to eavesdrop [on] communications, steal data
directly from the services and users and to impersonate services and
users," wrote the team that discovered the vulnerability. They called it
the "heartbleed" bug because it occurs in the heartbeat extension for
OpenSSL.

The bug has been present in versions of OpenSSL that have been available
for over two years. The latest version of OpenSSL released on 7 April is
no longer vulnerable to the bug.

"Considering the long exposure, ease of exploitation and attacks leaving
no trace this exposure should be taken seriously," wrote the
researchers.

Installing an updated version of OpenSSL did not necessarily mean people
were safe from attack, said the team. If attackers have already
exploited it they could have stolen encryption keys, passwords or other
credentials required to access a server, they said.

Full protection might require updating to the safer version of OpenSSL
as well as getting new security certificates and generating new
encryption keys. To help people check their systems some security
researchers have produced tools that help people work out if they are
running vulnerable versions of OpenSSL.
