[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Recent Heartbleed OpenSSL bug may affect HTTPS Subversion servers

From: Nico Kadel-Garcia <nkadel_at_gmail.com>
Date: Thu, 10 Apr 2014 23:53:14 -0400

I was just realizing that no one has mentioned it here: For anyone
running HTTPS based Subversion servers, they should really take a good
look at whether their web server is vulnerable to the "HeartBleed"
security problem in OpenSSL. There are various good write-ups about
it, but even an internal website vulnerable to these hacks could
apparently have usernames and passwords stolen by a zombied or
rootkitted host inside your network. So strongly consider updating
*all* your websites to avoid the bug, and other bugs, and strongly
consider your password management and expiration procedures for
vulnerabilities that may have been exploited any time in the last two
years.

http://www.theatlantic.com/technology/archive/2014/04/how-to-check-if-a-site-is-safe-from-heartbleed/360417/
Received on 2014-04-11 05:53:53 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.