[mythtv-users] the heartbleed openssl bug and mythtv
Gary Buhrmaster
gary.buhrmaster at gmail.com
Wed Apr 9 20:41:29 UTC 2014
On Wed, Apr 9, 2014 at 8:30 PM, Nicolas Krzywinski <myth at site7even.de> wrote:
....
> But as I did not read about client side vulnerabilities of this heartbleed
> bug, environments like MythTV SHOULD be save.
/me thinks you need to read more carefully. A malicious server
*can* use the attack to acquire information from a client, if
you connect to some rogue server (or can be coerced to do
so; can you say ads sites, email clients that open web
links automatically?). As part of your "change all your
passwords" activities, also be sure to regenerate all your
user certificates. Joy to all.
More information about the mythtv-users
mailing list