HP3000-L Archives

April 2014, Week 2

HP3000-L@RAVEN.UTC.EDU

Subject:
From: "Johnson, Tracy" <[log in to unmask]>
Reply To: Johnson, Tracy
Date: Thu, 10 Apr 2014 14:57:09 +0000

Password strength cartoon:

http://xkcd.com/936/


Tracy Johnson
Office (757) 766-4318
[log in to unmask]


> -----Original Message-----
> From: HP-3000 Systems Discussion [mailto:[log in to unmask]] On
> Behalf Of Bahrs, Art
> Sent: Thursday, April 10, 2014 10:42 AM
> To: [log in to unmask]
> Subject: Re: [HP3000-L] OT OpenSSL-1.0.1 Heartbeat exploit named
> heartbleed
> 
> Hi All :)
>    Ok... some things to think about concerning the HeartBleed vulnerability....
> 
>    - Change your passwords
>       - This is a 'DOH'... as we all should be changing our passwords every
> 45-90 days as a minimum... You do change yours regularly don't you?
>    - This is not a new vulnerability!
>       - it's been around for a couple years...
>       - we must assume that the exploitation of it has been around for some
> time... just not in the news
>    - Remember this hasn't been remediated yet by a WHOLE LOT of sites!
>       - this means that we need to keep changing our passwords regularly with a
> very high frequency until patching is complete
>    - Use good passwords...
>       - I used 'good' rather than 'strong' for the simple reason of dictionaries
> and/or Rainbow Tables
>       - At least 10+ characters long
>       - Use Mixed Case
>       - Use Special Characters (@, !, ^, $)
>       - SPELL THINGS WRONG intentionally!
>            - e.g. EyeR3edB0ok$ instead of IReadBooks
> 
> Art "They are out to get us!!! " Bahrs, {insert lots of letters of security
> credentials for those who care about those things hehehe}
> 
> 
> Art Bahrs, CISSP
> Security Engineer (Oregon Region)
> (971) 282-0927
> 
> 
> -----Original Message-----
> From: HP-3000 Systems Discussion [mailto:[log in to unmask]] On
> Behalf Of James B. Byrne
> Sent: Thursday, April 10, 2014 6:12 AM
> To: [log in to unmask]
> Subject: Re: OT OpenSSL-1.0.1 Heartbeat exploit named heartbleed
> 
> On Thu, April 10, 2014 08:45, Mark Ranft wrote:
> > Might this vulnerability be a concern for MPE posix OpenSSL users?
> >
> > The product, HP WebWise MPE/iX Secure Web Server, contained Openssl
> > 0.9.7d cryptographic/SSL library
> >
> > And there are those that downloaded OpenSSL for sftp.  The version I
> > have is openssl-0.9.6a-mpe.tar.
> >
> 
> No, any version of OpenSSL prior to 1.0.1 is not affected by this vulnerability
> as the heartbeat protocol was not introduced before 2012 and
> v.1.0.1 was the first release to include it.
> 
> --
> ***          E-Mail is NOT a SECURE channel          ***
> James B. Byrne                mailto:[log in to unmask]
> Harte & Lyne Limited          http://www.harte-lyne.ca
> 9 Brockley Drive              vox: +1 905 561 1241
> Hamilton, Ontario             fax: +1 905 561 0757
> Canada  L8E 3C3
> 
> * To join/leave the list, search archives, change list settings, *
> * etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

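Added example, not part of any list member's message: a first-pass inventory triage that applies the rule stated in the thread (releases before 1.0.1 predate the heartbeat code) to old-style OpenSSL version strings such as 0.9.7d. The function names and the two sample banners are constructed for illustration; the thread names no fixed release, so anything at 1.0.1 or later is only flagged for a follow-up check.

```python
import re

# Per the thread: 1.0.1 was the first OpenSSL release to include heartbeat.
FIRST_WITH_HEARTBEAT = (1, 0, 1, 0)
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]{0,2})")


def parse_openssl_version(text):
    """Pull (major, minor, fix, patch) out of a banner, file name or bare version.

    The letter suffix of the old numbering (0.9.7d, 1.0.1e) is mapped to an
    integer so that '' < 'a' < ... < 'z' < 'za' and tuples compare correctly.
    """
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no OpenSSL-style version in {text!r}")
    patch = 0
    for ch in m.group(4):
        patch = patch * 26 + (ord(ch) - ord("a") + 1)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)), patch)


def has_heartbeat(text):
    """True if the version is 1.0.1 or later, i.e. heartbeat code may be present."""
    return parse_openssl_version(text) >= FIRST_WITH_HEARTBEAT


def triage(inventory):
    """Label each inventory entry; the version string is a first filter only."""
    result = {}
    for name, version_text in inventory.items():
        if has_heartbeat(version_text):
            # The thread gives no fixed release, and vendors backport fixes
            # without changing the banner, so this needs a follow-up check.
            result[name] = "check vendor advisory"
        else:
            result[name] = "predates heartbeat"
    return result


# Versions named in the thread plus two constructed sample banners.
INVENTORY = {
    "HP WebWise": "0.9.7d",
    "sftp download": "openssl-0.9.6a-mpe.tar",
    "sample host A (constructed)": "OpenSSL 1.0.1e 11 Feb 2013",
    "sample host B (constructed)": "OpenSSL 1.0.0k 5 Feb 2013",
}

if __name__ == "__main__":
    for name, verdict in triage(INVENTORY).items():
        print(f"{name:30} {verdict}")
```
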