maemo.org - Talk

maemo.org - Talk (https://talk.maemo.org/index.php)
-   Community (https://talk.maemo.org/forumdisplay.php?f=16)
-   -   Emergency maintenance (https://talk.maemo.org/showthread.php?t=92991)

fstern 2014-04-08 08:17
Emergency maintenance
 
Hi everyone,

due to recent bugs in openssl, I will upgrade openssl today on our servers. This might lead to service interruption, while services are restarted.

More infos: http://heartbleed.com/

fstern 2014-04-08 08:45
Re: Emergency maintenance
 
openssl has been upgraded. Sorry for the inconvenience.

best,

Falk

lma 2014-04-09 00:51
Re: Emergency maintenance
 
Quote:
Originally Posted by fstern (Post 1420361)
Quote:
What is leaked primary key material and how to recover?

These are the crown jewels, the encryption keys themselves. Leaked secret keys allows the attacker to decrypt any past and future traffic to the protected services and to impersonate the service at will. Any protection given by the encryption and the signatures in the X.509 certificates can be bypassed. Recovery from this leak requires patching the vulnerability, revocation of the compromised keys and reissuing and redistributing new keys. Even doing all this will still leave any traffic intercepted by the attacker in the past still vulnerable to decryption. All this has to be done by the owners of the services.
(emphasis mine). Though I understand StartSSL are being somewhat less than helpful :-(


Quote:
Originally Posted by fstern (Post 1420363)
openssl has been upgraded. Sorry for the inconvenience.
Were the services restarted? Tests like http://filippo.io/Heartbleed/ and http://possible.lv/tools/hb/ currently report {wiki,bugs,lists}.maemo.org as vulnerable.

fstern 2014-04-09 16:41
Re: Emergency maintenance
 
Quote:
Originally Posted by lma (Post 1420455)
(emphasis mine). Though I understand StartSSL are being somewhat less than helpful :-(

I will issue new certificates next week as our StartSSL certificates expire.


Were the services restarted? Tests like http://filippo.io/Heartbleed/ and http://possible.lv/tools/hb/ currently report {wiki,bugs,lists}.maemo.org as vulnerable.
Services were restarted, but I will recheck. Thanks for looking.

Best,

Falk

fstern 2014-04-10 20:20
Re: Emergency maintenance
 
Somehow I apparently forgot to restart services on vcs, lists and wiki. Sorry for that.

Now all systems should be fixed.

Best,

Falk


All times are GMT. The time now is 15:38.

vBulletin® Version 3.8.8