FW: Koding response to Heartbleed - You're safe.

>
>
> Parece que al final no es tan grave, interesante tema para seguirlo
>
>
> http://www.theverge.com/2014/4/11/5604300/heartbleed-may-not-leak-private-ssl-keys-after-all
>
> Saludos!!
>
> Gabi.-
>   El día jueves, 10 de abril de 2014 6:01, Edgar De Cleene <
> [hidden email]> escribió:
>
>   Algo sobre seguridad en redes, supongo que a todos nos interesa
>
> ------ Forwarded Message
> Koding response to Heartbleed - You're safe.
>
> Hi all, Just letting you know that Koding is unaffected by the security
> vulnerability known as Heartbleed. On April 7 a serious security
> vulnerability (CVE-2014-0160) was disclosed in the OpenSSL library. Like
> much of the internet, we responded to this critical issue by conducting a
> security review of our servers. We've never used the OpenSSL library.
> Koding built its own proxies using Go and Go has its own implementation of
> TLS. Therefore, you don't need to change your password (unless you used the
> same password on other sites that've been affected by Heartbleed). We did a
> thorough investigation anyway and we've concluded that none of servers were
> affected by this bug, nor was any user information compromised. Our
> engineering team will continue to monitor the situation. At Koding we take
> security and transparency seriously, which is why we're emailing you today
> to let you know your information is safe. No additional step is required on
> your behalf. If you have any questions feel free to reply to this. Regards,
> Koding Team https://koding.com
>
> ------ End of Forwarded Message
>
>
>    
>

>
>
> Parece que al final no es tan grave, interesante tema para seguirlo
>
>
> http://www.theverge.com/2014/4/11/5604300/heartbleed-may-not-leak-private-ssl-keys-after-all
>
> Saludos!!
>
> Gabi.-
>   El día jueves, 10 de abril de 2014 6:01, Edgar De Cleene <
> [hidden email]> escribió:
>
>   Algo sobre seguridad en redes, supongo que a todos nos interesa
>
> ------ Forwarded Message
> Koding response to Heartbleed - You're safe.
>
> Hi all, Just letting you know that Koding is unaffected by the security
> vulnerability known as Heartbleed. On April 7 a serious security
> vulnerability (CVE-2014-0160) was disclosed in the OpenSSL library. Like
> much of the internet, we responded to this critical issue by conducting a
> security review of our servers. We've never used the OpenSSL library.
> Koding built its own proxies using Go and Go has its own implementation of
> TLS. Therefore, you don't need to change your password (unless you used the
> same password on other sites that've been affected by Heartbleed). We did a
> thorough investigation anyway and we've concluded that none of servers were
> affected by this bug, nor was any user information compromised. Our
> engineering team will continue to monitor the situation. At Koding we take
> security and transparency seriously, which is why we're emailing you today
> to let you know your information is safe. No additional step is required on
> your behalf. If you have any questions feel free to reply to this. Regards,
> Koding Team https://koding.com
>
> ------ End of Forwarded Message
>
>
>    
>

> El 14/04/2014, a las 13:59, Gabriel Davini <[hidden email]> escribió:
>
> Parece que al final no es tan grave, interesante tema para seguirlo
>
> http://www.theverge.com/2014/4/11/5604300/heartbleed-may-not-leak-private-ssl-keys-after-all
>
> Saludos!!
>
> Gabi.-
> El día jueves, 10 de abril de 2014 6:01, Edgar De Cleene <[hidden email]> escribió:
>  
> Algo sobre seguridad en redes, supongo que a todos nos interesa
>
> ------ Forwarded Message
> Koding response to Heartbleed - You're safe.
>
> Hi all, Just letting you know that Koding is unaffected by the security vulnerability known as Heartbleed. On April 7 a serious security vulnerability (CVE-2014-0160) was disclosed in the OpenSSL library. Like much of the internet, we responded to this critical issue by conducting a security review of our servers. We've never used the OpenSSL library. Koding built its own proxies using Go and Go has its own implementation of TLS. Therefore, you don't need to change your password (unless you used the same password on other sites that've been affected by Heartbleed). We did a thorough investigation anyway and we've concluded that none of servers were affected by this bug, nor was any user information compromised. Our engineering team will continue to monitor the situation. At Koding we take security and transparency seriously, which is why we're emailing you today to let you know your information is safe. No additional step is required on your behalf. If you have any questions feel free to reply to this. Regards, Koding Team https://koding.com 
>
> ------ End of Forwarded Message
>
>
>

> El 14/04/2014, a las 14:10, Angel Java Lopez <[hidden email]> escribió:
>
> Es que hay actualizaciones
>
> Ese articulo
>
> http://www.theverge.com/2014/4/11/5604300/heartbleed-may-not-leak-private-ssl-keys-after-all
>
> refiere a CloudFare
>
> http://blog.cloudflare.com/answering-the-critical-question-can-you-get-private-ssl-keys-using-heartbleed
>
> y ellos tuvieron que actualizarlo hace tres dias. Ahi en el articulo inmediato de arriba dice:
>
> Update:
> Below is what we thought as of 12:27pm UTC. To verify our belief we crowd sourced the investigation. It turns out we were wrong. While it takes effort, it is possible to extract private SSL keys. The challenge was solved by Software Engineer Fedor Indutny and Ilkka Mattila at NCSC-FI roughly 9 hours after the challenge was first published. Fedor sent 2.5 million requests over the course of the day and Ilkka sent around 100K requests. Our recommendation based on this finding is that everyone reissue and revoke their private keys. CloudFlare has accelerated this effort on behalf of the customers whose SSL keys we manage. You can read more here.
>
> Y si, hay que ir a leer:
> http://blog.cloudflare.com/the-results-of-the-cloudflare-challenge
>
> Enlaces
> https://delicious.com/ajlopez/heartbleed 
>
> Ay... lo mio es un apostolado ;-)
>
> Angel "Java" Lopez
> @ajlopez
>
>
>
>> On Mon, Apr 14, 2014 at 1:59 PM, Gabriel Davini <[hidden email]> wrote:
>>  
>> Parece que al final no es tan grave, interesante tema para seguirlo
>>
>> http://www.theverge.com/2014/4/11/5604300/heartbleed-may-not-leak-private-ssl-keys-after-all
>>
>> Saludos!!
>>
>> Gabi.-
>> El día jueves, 10 de abril de 2014 6:01, Edgar De Cleene <[hidden email]> escribió:
>>  
>> Algo sobre seguridad en redes, supongo que a todos nos interesa
>>
>> ------ Forwarded Message
>> Koding response to Heartbleed - You're safe.
>>
>> Hi all, Just letting you know that Koding is unaffected by the security vulnerability known as Heartbleed. On April 7 a serious security vulnerability (CVE-2014-0160) was disclosed in the OpenSSL library. Like much of the internet, we responded to this critical issue by conducting a security review of our servers. We've never used the OpenSSL library. Koding built its own proxies using Go and Go has its own implementation of TLS. Therefore, you don't need to change your password (unless you used the same password on other sites that've been affected by Heartbleed). We did a thorough investigation anyway and we've concluded that none of servers were affected by this bug, nor was any user information compromised. Our engineering team will continue to monitor the situation. At Koding we take security and transparency seriously, which is why we're emailing you today to let you know your information is safe. No additional step is required on your behalf. If you have any questions feel free to reply to this. Regards, Koding Team https://koding.com 
>>
>> ------ End of Forwarded Message
>
>

> El 14/04/2014, a las 15:11, Andres Valloud <[hidden email]> escribió:
>
> FYI pusieron un challenge para sacar private keys y lo resolvieron dos personas diferentes en 9 horas...
>
>
>> On Mon, Apr 14, 2014 at 9:59 AM, Gabriel Davini <[hidden email]> wrote:
>>  
>> Parece que al final no es tan grave, interesante tema para seguirlo
>>
>> http://www.theverge.com/2014/4/11/5604300/heartbleed-may-not-leak-private-ssl-keys-after-all
>>
>> Saludos!!
>>
>> Gabi.-
>> El día jueves, 10 de abril de 2014 6:01, Edgar De Cleene <[hidden email]> escribió:
>>  
>> Algo sobre seguridad en redes, supongo que a todos nos interesa
>>
>> ------ Forwarded Message
>> Koding response to Heartbleed - You're safe.
>>
>> Hi all, Just letting you know that Koding is unaffected by the security vulnerability known as Heartbleed. On April 7 a serious security vulnerability (CVE-2014-0160) was disclosed in the OpenSSL library. Like much of the internet, we responded to this critical issue by conducting a security review of our servers. We've never used the OpenSSL library. Koding built its own proxies using Go and Go has its own implementation of TLS. Therefore, you don't need to change your password (unless you used the same password on other sites that've been affected by Heartbleed). We did a thorough investigation anyway and we've concluded that none of servers were affected by this bug, nor was any user information compromised. Our engineering team will continue to monitor the situation. At Koding we take security and transparency seriously, which is why we're emailing you today to let you know your information is safe. No additional step is required on your behalf. If you have any questions feel free to reply to this. Regards, Koding Team https://koding.com 
>>
>> ------ End of Forwarded Message
>
>