<div dir="ltr">Good article on Ubuntu and openSSL at:<div><br></div><div><a href="http://news.softpedia.com/news/Dear-Ubuntu-Users-Stop-Saying-the-Ubuntu-Is-Unprotected-Against-the-Heartbleed-Exploit-437846.shtml">http://news.softpedia.com/news/Dear-Ubuntu-Users-Stop-Saying-the-Ubuntu-Is-Unprotected-Against-the-Heartbleed-Exploit-437846.shtml</a><br>
</div><div><br></div><div>The takeaway:</div><div><br></div><div><span style="font-family:Verdana,Arial,Helvetica,sans-serif;font-size:11px;line-height:14px;text-align:justify">Now users have been running the following command in a terminal to see what version of OpenSSL they have installed:</span><br style="font-family:Verdana,Arial,Helvetica,sans-serif;font-size:11px;line-height:14px;text-align:justify">
<br style="font-family:Verdana,Arial,Helvetica,sans-serif;font-size:11px;line-height:14px;text-align:justify"><span style="font-family:Verdana,Arial,Helvetica,sans-serif;font-size:11px;line-height:14px;text-align:justify;color:rgb(0,128,128)">openssl version</span><br style="font-family:Verdana,Arial,Helvetica,sans-serif;font-size:11px;line-height:14px;text-align:justify">
<br style="font-family:Verdana,Arial,Helvetica,sans-serif;font-size:11px;line-height:14px;text-align:justify"><span style="font-family:Verdana,Arial,Helvetica,sans-serif;font-size:11px;line-height:14px;text-align:justify">The result in Ubuntu is 1.0.1f, which, of course, prompted the messages about Ubuntu being vulnerable. What some users don't know is that Canonical doesn't always upgrade to a new version of a package. They choose to implement just the patch and the version number remains the same. Technically, the OpenSSL version number in Ubuntu is 1.0.1f-1ubuntu2, but the version itself doesn't mean anything.</span><br style="font-family:Verdana,Arial,Helvetica,sans-serif;font-size:11px;line-height:14px;text-align:justify">
<br style="font-family:Verdana,Arial,Helvetica,sans-serif;font-size:11px;line-height:14px;text-align:justify"><span style="font-family:Verdana,Arial,Helvetica,sans-serif;font-size:11px;line-height:14px;text-align:justify">Ubuntu users need to know that their operating systems are safe and that the Heartbleed vulnerability was corrected. Forget about version numbers and stop trying to get to manually install OpenSSL 1.0.1g. You might create other problems within the system by circumventing the package provided by Canonical.</span><br>
</div><div><span style="font-family:Verdana,Arial,Helvetica,sans-serif;font-size:11px;line-height:14px;text-align:justify"><br></span></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On 15 April 2014 23:59, unsolicited <span dir="ltr"><<a href="mailto:unsolicited@swiz.ca" target="_blank">unsolicited@swiz.ca</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">ssh -X is X11 forwarding. Huh?<br>
<br>
> And even if autotype didn't work, I think every password manager has<br>
> an option to copy the password to the clipboard for manual<br>
> cut'n'paste. So you still get strong passwords without having to<br>
> remember them.<br>
<br>
Across devices?<br>
<br>
On 14-04-15 06:09 PM, Bob Jonkman wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA1<br>
<br>
unsolicited wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Use a password manager - what if there isn't one? e.g. SSH<br>
signons?<br>
</blockquote>
<br>
KeepassX autotype works just fine in an SSH terminal. In fact, it<br>
really helps with complex login commands, like<br>
<br>
ssh -X <a href="mailto:bjonkman@remote.example.com" target="_blank">bjonkman@remote.example.com</a> -p 2222 -R 22:localhost:10022 -L<br>
10080:localhost:80<br>
<br>
which autotype and save me from having to remember it. The only<br>
problem is that KeepassX 0.4.3 hasn't implemented the {DELAY=3}<br>
parameter in the autotype sequence, but that's apparently fixed in<br>
KeepassX v2.0<br>
<br>
And even if autotype didn't work, I think every password manager has<br>
an option to copy the password to the clipboard for manual<br>
cut'n'paste. So you still get strong passwords without having to<br>
remember them.<br>
</blockquote>
<br>
<br>
______________________________<u></u>_________________<br>
kwlug-disc mailing list<br>
<a href="mailto:kwlug-disc@kwlug.org" target="_blank">kwlug-disc@kwlug.org</a><br>
<a href="http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org" target="_blank">http://kwlug.org/mailman/<u></u>listinfo/kwlug-disc_kwlug.org</a><br>
</blockquote></div><br></div>