[Cialug] CentOS SSL

Jeff Chapin chapinjeff at gmail.com
Thu Apr 10 09:13:11 CDT 2014


Yes.

Keep in mind when working with outside sites -- it is not a good idea to
change passwords until *AFTER* you are sure that they have updated and
changed certs, otherwise password changing may not be as helpful as you
hope.

Jeff


On Thu, Apr 10, 2014 at 9:10 AM, Josh Reichardt <josh.reichardt at gmail.com> wrote:

> So if people had been abusing the vulnerability prior to the
> announcement to collect information on various systems, would it also be
> safe to assume that you should change passwords as well after patching and
> reissuing certs?
>
> On Wednesday, April 9, 2014, Crouse <crouse at usalug.net> wrote:
>
> > https://www.ssllabs.com/ssltest/index.html  It's been hammered pretty hard,
> > but it gives back good info.
> >
> >
> > On Wed, Apr 9, 2014 at 8:53 PM, Josh More <jmore at starmind.org> wrote:
> >
> > > There's some concern in the security community that some of the new SSL
> > > check sites that have appeared are collecting data for less than honourable
> > > purposes.
> > >
> > > No proof that I know of, but a lot of suspicion.
> > >
> > > -Josh
> > >
> > >
> > > On Wed, Apr 9, 2014 at 8:50 PM, Brett Neese <brett at brettneese.com> wrote:
> > >
> > > > I like this website better: http://privatekeycheck.com/
> > > >
> > > > Brett Neese
> > > > 563-210-3459
> > > >
> > > >
> > > >
> > > > On Thu, Apr 10, 2014 at 9:47 AM, Brian Broughton
> > > > <brian-broughton at mchsi.com> wrote:
> > > >
> > > > > Found this Ruby script to test your devices or servers for this issue
> > > > >
> > > > > https://github.com/emboss/heartbeat
> > > > >
> > > > > What do you all think, does this produce valid results?
> > > > >
> > > > > Sent from my HTC One on the Verizon Wireless 4G LTE network
> > > > >
> > > > > ----- Reply message -----
> > > > > From: "Josh More" <jmore at starmind.org>
> > > > > To: "Central Iowa Linux Users Group" <cialug at cialug.org>
> > > > > Subject: [Cialug] CentOS SSL
> > > > > Date: Wed, Apr 9, 2014 8:36 PM
> > > > >
> > > > > Yep.
> > > > >
> > > > > Should be here by 3pm tomorrow:
> > > > > https://www.sans.org/webcasts/archive/2014
> > > > >
> > > > > Also, there's a test PCAP here if you want to play: http://bit.ly/0FErmw
> > > > >
> > > > > And a test Python script here: http://bit.ly/1ksnuLe
> > > > >
> > > > > -Josh
> > > > >
> > > > >
> > > > >
> > > > > On Wed, Apr 9, 2014 at 8:31 PM, Brian Broughton
> > > > > <brian-broughton at mchsi.com> wrote:
> > > > >
> > > > > > For those who sat in on this presentation, I was interrupted several times
> > > > > > during the presentation, anybody get the address where the webinar is going
> > > > > > to be shared from?
> > > > > >
> > > > > > -----Original Message-----
> > > > > > From: cialug-bounces at cialug.org [mailto:cialug-bounces at cialug.org] On Behalf Of Daniel A. Ramaley
> > > > > > Sent: Wednesday, April 09, 2014 5:57 PM
> > > > > > To: Josh More
> > > > > > Cc: Central Iowa Linux Users Group
> > > > > > Subject: Re: [Cialug] CentOS SSL
> > > > > >
> > > > > > That's probably enough of a starting point for what I need to argue.
> > > > > > Thank you!
> > > > > >
> > > > > > On 2014-04-09 at 17:53:02 Josh More wrote:
> > > > > > > I don't have anything public, though some might be released at
> > > > > > > tonight's SANS webcast.  (https://www.sans.org/webcasts/openssl-heartbleed-vulnerability-98105)
> > > > > > >
> > > > > > > There has been a lot of discussion on several private security lists.
> > > > > > > Signatures are being written for the common IDS systems (Tipping Point
> > > > > > > and SourceFire are mostly what are being discussed) and people have
> > > > > > > been going through their saved packet captures.  Many are reporting
> > > > > > > tons
>
>
>
> --
> Josh Reichardt
> Web: thepracticalsysadmin.com | about.me <http://about.me/jmreicha>



-- 
Jeff Chapin
President, CedarLug, retired
President, UNIPC, "I'll get around to it"
President, UNI Scuba Club
Senator, NISG, retired

