[kwlug-disc] Heartbleed affected sites

CrankyOldBugger crankyoldbugger at gmail.com
Wed Apr 16 09:59:59 EDT 2014 

Good article on Ubuntu and openSSL at:

http://news.softpedia.com/news/Dear-Ubuntu-Users-Stop-Saying-the-Ubuntu-Is-Unprotected-Against-the-Heartbleed-Exploit-437846.shtml

The takeaway:

Now users have been running the following command in a terminal to see what
version of OpenSSL they have installed:

openssl version

The result in Ubuntu is 1.0.1f, which, of course, prompted the messages
about Ubuntu being vulnerable. What some users don't know is that Canonical
doesn't always upgrade to a new version of a package. They choose to
implement just the patch and the version number remains the same.
Technically, the OpenSSL version number in Ubuntu is 1.0.1f-1ubuntu2, but
the version itself doesn't mean anything.

Ubuntu users need to know that their operating systems are safe and that
the Heartbleed vulnerability was corrected. Forget about version numbers
and stop trying to get to manually install OpenSSL 1.0.1g. You might create
other problems within the system by circumventing the package provided by
Canonical.



On 15 April 2014 23:59, unsolicited <unsolicited at swiz.ca> wrote:

> ssh -X is X11 forwarding. Huh?
>
> > And even if autotype didn't work, I think every password manager has
> > an option to copy the password to the clipboard for manual
> > cut'n'paste. So you still get strong passwords without having to
> > remember them.
>
> Across devices?
>
> On 14-04-15 06:09 PM, Bob Jonkman wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> unsolicited wrote:
>>
>>> Use a password manager - what if there isn't one? e.g. SSH
>>> signons?
>>>
>>
>> KeepassX autotype works just fine in an SSH terminal.  In fact, it
>> really helps with complex login commands, like
>>
>>    ssh -X bjonkman at remote.example.com -p 2222 -R 22:localhost:10022 -L
>> 10080:localhost:80
>>
>> which autotype and save me from having to remember it.  The only
>> problem is that KeepassX 0.4.3 hasn't implemented the {DELAY=3}
>> parameter in the autotype sequence, but that's apparently fixed in
>> KeepassX v2.0
>>
>> And even if autotype didn't work, I think every password manager has
>> an option to copy the password to the clipboard for manual
>> cut'n'paste. So you still get strong passwords without having to
>> remember them.
>>
>
>
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20140416/3921e139/attachment.htm>

More information about the kwlug-disc mailing list