Heartbleed, OpenSSL vulnerability

[Richard Kreiss]

Checked fptech.co and was advised to check  with them.

As they issues their own password to us, this should not present a problem as I doubt anyone uses the password they issued on another site.


Richard Kreiss
GCC Consulting

Office: 410-653-2813



> -----Original Message-----
> From: filepro-list-bounces+rkreiss=verizon.net at lists.celestial.com
> [mailto:filepro-list-bounces+rkreiss=verizon.net at lists.celestial.com] On
> Behalf Of Jean-Pierre A. Radley
> Sent: Sunday, April 13, 2014 4:47 PM
> To: filePro Mailing List
> Subject: OT: Heartbleed, OpenSSL vulnerability
> 
> There's been a great deal of coverage in all sorts of media in the past few days
> about a major security issue on the Internet, having to do with something
> called OpenSSL, and also referred to as the Heartbleed bug.
> 
> The short summary: if an OpenSSL connection is idle, heartbeat messages are
> used to check if the other side is still listening. For example, your browser
> sends a message "if you are still alive, reply by sending the 3 letter word
> 'dog'", and the server replies with "dog". To trigger the bug, the client would
> send "reply with the 500 letter word 'cow'". Since "cow" has only 3 letters,
> the server will make up the missing 497 bytes with data from memory, and
> those bytes might contain other things the server was working on, like users'
> passwords or private encryption keys.
> 
> You should check those sites which require a password to get in; go to:
> 
>         https://lastpass.com/heartbleed/
> 
> If the site has taken care of the matter, change your password on that site. If
> they haven't, prod them to find out why not, change your password anyhow,
> and then change it again after they have installed the necessary fixes.
> 
> --
> JP
> _______________________________________________
> Filepro-list mailing list
> Filepro-list at lists.celestial.com
> Subscribe/Unsubscribe/Subscription Changes
> http://mailman.celestial.com/mailman/listinfo/filepro-list