[nSLUG] Nasty zero day vulnerability in openssl CVE-2014-0160
synrg at sanctuary.nslug.ns.ca
Fri Apr 11 06:32:55 ADT 2014
On 11/04/14 02:50 AM, Mike Spencer wrote:
> Not to start a protracted argument, but I don't really trust any of
> the notionally "secure" protocols. I admittedly haven't read the
> relevant RFCs but I read comp.risks. I don't do anything over the net
> that involves money -- banking, shopping, paypal, for-fee online
> services with CC, tax returns -- or life-critical info. It's unlikely
> (albeit not astronomically so) that I'd be personally targeted but
> there are repeated failures and foul-ups -- rogue or dubious cert
> authorities, bulk data losses from behind encrypted transactions,
> zero-day vulns including this latest major one.
That is admirable, but is a sacrifice in convenience that is not an easy
decision for everyone.
> And yes, if I were running an open Apache, sendmail or other server,
> I'd have to upgrade numerous things that presently only accept contact
> from localhost.
That was my primary concern.
More information about the nSLUG