cyber-"terrorism"?

Matthew Byng-Maddick ukcrypto at lists.colondot.net
Wed, 18 Sep 2002 10:36:20 +0100


iriXx wrote:
> this is true - those who are vulnerable to bugtraq.c are generally those
> who haven't got around to updating their mod_ssl since the vulnerability
> was patched some time ago... personally, i keep ahead of this, but i'm
> a) interested in security and b) at present just running machines from
> home. certainly sysadmins should be doing all that you've suggested
> above... 

It might help your credibility if you talked about patching the right
piece of software. The vulnerabilities are within the OpenSSL library,
not within any client code that happens to link against it. This means
that any and all things (not just mod_ssl) that link against OpenSSL
are potentially vulnerable to the same holes.

I'm interested in security too, and I think that part of it is understanding
issues such as knowing what to upgrade, when.

MBM

-- 
Matthew Byng-Maddick         <mbm@colondot.net>           http://colondot.net/
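
Added example, not part of the original message: a Python check that lists every running process with OpenSSL's shared libraries mapped, which is the set the reply says is potentially affected (not just mod_ssl), and flags processes still running a library copy that has since been replaced on disk. It assumes a Linux /proc filesystem; the function names and the sample maps text are constructed for illustration, and statically linked binaries will not show up this way.

```python
import os
import re

# Shared-object names installed by OpenSSL (libssl / libcrypto), any version suffix.
OPENSSL_LIB = re.compile(r"/lib(?:ssl|crypto)\.so[^/\s]*$")

# Constructed sample of /proc/<pid>/maps for a daemon that is not mod_ssl.
SAMPLE_MAPS = """\
08048000-080a0000 r-xp 00000000 03:01 1001 /usr/sbin/sshd
40020000-40050000 r-xp 00000000 03:01 2002 /usr/lib/libssl.so.0 (deleted)
40050000-40120000 r-xp 00000000 03:01 2003 /usr/lib/libcrypto.so.0 (deleted)
40120000-40125000 rw-p 00000000 00:00 0
bfffe000-c0000000 rw-p 00000000 00:00 0 [stack]
"""

def openssl_mappings(maps_text):
    """Return {library_path: stale} for OpenSSL libraries found in maps text.

    stale is True when the kernel marks the mapping "(deleted)": the file was
    replaced on disk, but the process is still executing the old copy.
    """
    found = {}
    for line in maps_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue  # anonymous mapping, no backing file
        path = fields[5].strip()
        stale = path.endswith(" (deleted)")
        if stale:
            path = path[: -len(" (deleted)")]
        if OPENSSL_LIB.search(path):
            found[path] = found.get(path, False) or stale
    return found

def scan_processes(proc_root="/proc"):
    """Yield (pid, command, mappings) for each readable process using OpenSSL."""
    for entry in sorted(os.listdir(proc_root), key=str):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "maps")) as fh:
                libs = openssl_mappings(fh.read())
            with open(os.path.join(proc_root, entry, "comm")) as fh:
                name = fh.read().strip()
        except OSError:
            continue  # process exited, or maps not readable by this user
        if libs:
            yield int(entry), name, libs

if __name__ == "__main__":
    for pid, name, libs in scan_processes():
        for path, stale in sorted(libs.items()):
            print(pid, name, path, "RESTART NEEDED" if stale else "current file")
```

Run it as root so that other users' maps files are readable; a process flagged as stale keeps the old library in memory until it is restarted.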