[mythtv-users] the heartbleed openssl bug and mythtv
Nicolas Krzywinski
myth at site7even.de
Wed Apr 9 20:55:36 UTC 2014
Am 09.04.2014, 22:41 Uhr, schrieb Gary Buhrmaster
<gary.buhrmaster at gmail.com>:
> On Wed, Apr 9, 2014 at 8:30 PM, Nicolas Krzywinski <myth at site7even.de>
> wrote:
> ....
>> But as I did not read about client side vulnerabilities of this
>> heartbleed
>> bug, environments like MythTV SHOULD be save.
>
> /me thinks you need to read more carefully. A malicious server
> *can* use the attack to acquire information from a client, if
> you connect to some rogue server (or can be coerced to do
> so; can you say ads sites, email clients that open web
> links automatically?). As part of your "change all your
> passwords" activities, also be sure to regenerate all your
> user certificates. Joy to all.
/me thinks you have to think more carefully
Of course you have to hope that server admins hurry in updating their
OpenSSL libraries as vulnerable servers WILL HARM YOU REGARDLESS OF YOUR
CLIENT VERSIONS.
My advices above were related to the question. They were not related to
your generally security status when surfing around the web.
Take care. Read all words. Interpret all gramatic relations.
Nicolas
--
www.nskcomputing.de
More information about the mythtv-users
mailing list