[CentOS] FLASH NewsBites - Heartbleed Open SSL Vulnerability (fwd)

Johnny Hughes johnny at centos.org
Thu Apr 10 10:58:02 UTC 2014


For Systems Administrators who missed this broadcast live, it is also
available via a recorded webcast.

I most highly recommend that if you are in charge of any server that is
vulnerable to Heartbleed (in CentOS terms, that is anyone with SSL/TLS
services and CentOS-6.5 installed), you absolutely make time to
watch and understand this video.  It is 1 hour and 12 minutes long.

Watch this ... Do it.

Note:  It does require a SANS login .. you should have one anyway :)
 

On 04/09/2014 12:44 PM, Connie Sieh wrote:
> For even more information about "Heartbleed".
>
> -Connie Sieh
>
> ---------- Forwarded message ----------
> Date: Wed, 9 Apr 2014 12:27:54 -0500
> From: The SANS Institute <NewsBites at sans.org>
> Subject: FLASH NewsBites - Heartbleed Open SSL Vulnerability
>
> FLASH NewsBites - Heartbleed Open SSL Vulnerability
>
> FLASH NewsBites are issued only when a security event demands global and
> immediate action.  The HeartBleed Open SSL vulnerability fits that
> description.
>
> Proof: More than 200 students at SANS 2014 in Orlando this week spent 2
> hours in a briefing on Heartbleed last night after full days of classes.
> This one matters.
>
> Tonight at 8:15 SANS faculty member Jake Williams will present a
> briefing explaining the HeartBleed vulnerability and what it means to
> you. Jake says: "Another 24 hours have passed since the initial
> presentation and we know more about what is vulnerable and what isn't.
> Even if you attended the short presentation last night at #SANS2014,
> this is a don't miss event."
>
> Jake will cover the actual structure of the vulnerability, methods for
> detection, and what you need to do (both as a systems admin and an end
> user). Jake will also perform live demos against a vulnerable server so
> you see first hand what can be exposed. Finally, we'll be releasing
> packet captures containing the exploit (suitable for testing your IDS
> rules).
>
> Register at:
> https://www.sans.org/webcasts/openssl-heartbleed-vulnerability-98105
>
> Jake Williams, a principal consultant at CSRgroup Computer Security
> Consultants, has over a decade of experience in secure network design,
> penetration testing, incident response, forensics, and malware reverse
> engineering. Prior to joining CSRgroup, he worked with various
> government agencies in information security roles.
>
> Jake has twice won the annual DC3 Digital Forensics Challenge and has
> spoken at several regional ISSA meetings, Shmoocon, and the DC3
> Conference, as well as numerous US government conferences.
>
> Jake is currently pursuing a PhD in Computer Science where he is
> researching new techniques for botnet detection. His research interests
> include protocol analysis, binary analysis, malware RE methods,
> subverting the security of cloud technologies, and methods for
> identifying malware Command and Control (C2) techniques.
>

