heartbleed

Discussion of items in the "What's New" log.

heartbleed

Postby josh » Wed Apr 09, 2014 2:55 pm

the spamgourmet server was using a version of openssl with the heartbleed bug. A user reported that to me and I patched it yesterday.
josh
 
Posts: 1371
Joined: Fri Aug 29, 2003 2:28 pm

Re: heartbleed

Postby josh » Wed Apr 09, 2014 3:07 pm

I should add - I updated the mail server certificate (self-signed and used for TLS), but I did *not* yet update the website certificate, since I have to get that from the CA. Looking into that.
josh
 
Posts: 1371
Joined: Fri Aug 29, 2003 2:28 pm

Re: heartbleed

Postby josh » Sat Apr 12, 2014 1:03 pm

well, that took a while. The SSL certificate folks are really busy, as you might imagine. Anyway, as of now the website has a new certificate. Now's a good time to change your password.
josh
 
Posts: 1371
Joined: Fri Aug 29, 2003 2:28 pm

Re: heartbleed

Postby kolobok » Wed Apr 16, 2014 10:10 pm

Hello!

Would you please confirm that they have issued the new certificate with almost the same attributes (including issue and expiry dates) except serial and thumbprints?
And the new certificate has thumbprint 0a fe 51 3e 85 fc 94 b4 ae 26 40 65 45 93 6f 4e 49 5e f9 ee ?
kolobok
 
Posts: 3
Joined: Wed Apr 16, 2014 10:03 pm

Re: heartbleed

Postby josh » Mon Apr 21, 2014 10:24 pm

yes - they have
josh
 
Posts: 1371
Joined: Fri Aug 29, 2003 2:28 pm

Re: heartbleed

Postby lwc » Fri Jun 13, 2014 3:13 pm

What about the newly discovered bug that surpassed heartbleed?
lwc
 
Posts: 455
Joined: Sat Aug 28, 2004 9:09 am

Re: heartbleed

Postby josh » Thu Jun 19, 2014 12:21 am

That's patched too. I don't think it is as bad as heartbleed, really.
josh
 
Posts: 1371
Joined: Fri Aug 29, 2003 2:28 pm


Return to What's New

Who is online

Users browsing this forum: No registered users and 3 guests

cron