tfritz at me.com
Thu Apr 10 00:01:57 UTC 2014
> I will assume that the slow traffic on the mailing list tonight is
> because we are all busy checking our systems for the openssl heartbleed
> If you aren't, you should be.
> RHEL/CentOS folks, please see this note:
> Red Hat announcement:
> Fedora Announcement:
There appears to be some confusion if applying the fix is enough. If your server has been compromised you need to regen/replace your certs after installing the fixed openssl. I have talked with some folks and they think updating the openssl is enough and it may not be. You can’t detect if your system has been compromised. I also haven’t seen an IDS/IPS signature released. If someone otherwise please share.
More information about the OLUG