Tag Archives: OpenSSL

SharedSystemCertificates in Fedora 21: Blacklisting the CCNIC Root Certificate

A question came up on ask.fedoraproject.org regarding the recent CCNIC debacle and Google’s decision to distrust their Root CA given their recent misbehavior.  The user wanted to know how to blacklist the CCNIC Root CA, himself, for all software running …

Posted in Information Technology

Diagnosing POODLE (CVE-2014-3566) Vulnerability

Well, it’s kind of a silly vulnerability to be quite frank.  It’s based on a very outdated and obsolete protocol with many superior replacements already in production and it’s a man-in-the-middle attack that requires a significant amount of technical expertise and a serious …

Posted in Information Technology

Heartbleed and System Defense

It crosses my mind that this is a perfect opportunity to discuss system defense options against unknown threats such as Heartbleed (over the past two years, anyway).  How does one defend against a threat which “leaves no trace” and is …

Posted in Information Technology

Heartbleed and Cloudflare: Part 2

Damn, that didn’t take long.  A server reboot might have contributed, but it looks like the private key got ganked pretty fast.  What would be really nice (as I’ve suggested on the CloudFlare blog) would be if someone (them) could author …

Posted in Information Technology

Heartbleed and Cloudflare

http://www.zdnet.com/private-keys-may-be-inaccessible-to-heartbleed-7000028356/#ftag=RSS4d2198e

1)  CloudFlare rocks.  They’re a great organization and they continue to do great things.

2)  I suspected that this would be the case, given the very reasons provided (that certificate data is loaded into memory early on, and therefore …

Posted in Information Technology

[Updated] Heartbleed and the NSA

UPDATE:  Looks like the story may well have been based on bad intel:  http://arstechnica.com/security/2014/04/nsa-used-heartbleed-nearly-from-the-start-report-claims/

There are some shrieky articles out there, so beware, but that one seemed mostly reasonable.

Original Article Below:

Well, I did call it:  http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html

The story …

Posted in Information Technology, Politics

Heartbleed

By now I’m sure everyone’s seen the stories all over the news about the newly-unveiled OpenSSL exploit.  If not, here’s an excellent write-up of the situation from Symantec. As always, patch and move on.  If you run a publicly-surfaced secure …

Posted in Information Technology, Politics