Connie Sieh
2014-Apr-09 18:44 UTC
[CentOS] FLASH NewsBites - Heartbleed Open SSL Vulnerability (fwd)
For even more information about "Heartbleed".

-Connie Sieh

---------- Forwarded message ----------
Date: Wed, 9 Apr 2014 12:27:54 -0500
From: The SANS Institute <NewsBites at sans.org>
Subject: FLASH NewsBites - Heartbleed Open SSL Vulnerability

FLASH NewsBites - Heartbleed Open SSL Vulnerability

FLASH NewsBites are issued only when a security event demands global and immediate action. The HeartBleed Open SSL vulnerability fits that description.

Proof: More than 200 students at SANS 2014 in Orlando this week spent 2 hours in a briefing on Heartbleed last night after full days of classes. This one matters.

Tonight at 8:15 SANS faculty member Jake Williams will present a briefing explaining the HeartBleed vulnerability and what it means to you. Jake says: "Another 24 hours have passed since the initial presentation and we know more about what is vulnerable and what isn't. Even if you attended the short presentation last night at #SANS2014, this is a don't miss event."

Jake will cover the actual structure of the vulnerability, methods for detection, and what you need to do (both as a systems admin and an end user). Jake will also perform live demos against a vulnerable server so you see first hand what can be exposed. Finally, we'll be releasing packet captures containing the exploit (suitable for testing your IDS rules).

Register at: https://www.sans.org/webcasts/openssl-heartbleed-vulnerability-98105

Jake Williams, a principal consultant at CSRgroup Computer Security Consultants, has over a decade of experience in secure network design, penetration testing, incident response, forensics, and malware reverse engineering. Prior to joining CSRgroup, he worked with various government agencies in information security roles.

Jake has twice won the annual DC3 Digital Forensics Challenge and has spoken at several regional ISSA meetings, Shmoocon, and the DC3 Conference, as well as numerous US government conferences.

Jake is currently pursuing a PhD in Computer Science where he is researching new techniques for botnet detection. His research interests include protocol analysis, binary analysis, malware RE methods, subverting the security of cloud technologies, and methods for identifying malware Command and Control (C2) techniques.
Johnny Hughes
2014-Apr-10 10:58 UTC
[CentOS] FLASH NewsBites - Heartbleed Open SSL Vulnerability (fwd)
For Systems Administrators who missed this broadcast live, it is also available via a recorded webcast.

I most highly recommend that if you are in charge of any server that is vulnerable to heartbleed (in CentOS terms, that is anyone with SSL/TLS services and CentOS-6.5 installed) that you absolutely make time to watch and understand this video. It is 1 hour and 12 minutes long.

Watch this ... Do it.

Note: It does require a SANS Login .. you should have one anyway :)