FW: Koding response to Heartbleed - You're safe.

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

FW: Koding response to Heartbleed - You're safe.

Edgar De Cleene
Algo sobre seguridad en redes, supongo que a todos nos interesa

------ Forwarded Message
Koding response to Heartbleed - You're safe.

Hi all, Just letting you know that Koding is unaffected by the security
vulnerability known as Heartbleed. On April 7 a serious security
vulnerability (CVE-2014-0160) was disclosed in the OpenSSL library. Like
much of the internet, we responded to this critical issue by conducting a
security review of our servers. We've never used the OpenSSL library. Koding
built its own proxies using Go and Go has its own implementation of TLS.
Therefore, you don't need to change your password (unless you used the same
password on other sites that've been affected by Heartbleed). We did a
thorough investigation anyway and we've concluded that none of servers were
affected by this bug, nor was any user information compromised. Our
engineering team will continue to monitor the situation. At Koding we take
security and transparency seriously, which is why we're emailing you today
to let you know your information is safe. No additional step is required on
your behalf. If you have any questions feel free to reply to this. Regards,
Koding Team https://koding.com

------ End of Forwarded Message

Reply | Threaded
Open this post in threaded view
|

Re: FW: Koding response to Heartbleed - You're safe.

Gabriel Davini
Parece que al final no es tan grave, interesante tema para seguirlo

http://www.theverge.com/2014/4/11/5604300/heartbleed-may-not-leak-private-ssl-keys-after-all


Saludos!!

Gabi.-
El día jueves, 10 de abril de 2014 6:01, Edgar De Cleene <[hidden email]> escribió:
 
 
Algo sobre seguridad en redes, supongo que a todos nos interesa

------ Forwarded Message
Koding response to Heartbleed - You're safe.

Hi all, Just letting you know that Koding is unaffected by the security vulnerability known as Heartbleed. On April 7 a serious security vulnerability (CVE-2014-0160) was disclosed in the OpenSSL library. Like much of the internet, we responded to this critical issue by conducting a security review of our servers. We've never used the OpenSSL library. Koding built its own proxies using Go and Go has its own implementation of TLS. Therefore, you don't need to change your password (unless you used the same password on other sites that've been affected by Heartbleed). We did a thorough investigation anyway and we've concluded that none of servers were affected by this bug, nor was any user information compromised. Our engineering team will continue to monitor the situation. At Koding we take security and transparency seriously, which is why we're emailing you today to let you know your information is safe. No additional step is required on your behalf. If
 you have any questions feel free to reply to this. Regards, Koding Team https://koding.com 

------ End of Forwarded Message
 
Reply | Threaded
Open this post in threaded view
|

Re: FW: Koding response to Heartbleed - You're safe.

Angel Java Lopez
Es que hay actualizaciones

Ese articulo

http://www.theverge.com/2014/4/11/5604300/heartbleed-may-not-leak-private-ssl-keys-after-all

refiere a CloudFare

http://blog.cloudflare.com/answering-the-critical-question-can-you-get-private-ssl-keys-using-heartbleed

y ellos tuvieron que actualizarlo hace tres dias. Ahi en el articulo
inmediato de arriba dice:

*Update:*

*Below is what we thought as of 12:27pm UTC. To verify our belief we crowd
sourced the investigation. It turns out we were wrong. While it takes
effort, it is possible to extract private SSL keys. The challenge was
solved by Software Engineer Fedor Indutny <https://twitter.com/indutny> and
Ilkka Mattila at NCSC-FI roughly 9 hours after the challenge was first
published. Fedor sent 2.5 million requests over the course of the day and
Ilkka sent around 100K requests. Our recommendation based on this finding
is that everyone reissue and revoke their private keys. CloudFlare has
accelerated this effort on behalf of the customers whose SSL keys we
manage. You can read more here
<http://blog.cloudflare.com/the-results-of-the-cloudflare-challenge>.*


*Y si, hay que ir a leer:*


*http://blog.cloudflare.com/the-results-of-the-cloudflare-challenge
<http://blog.cloudflare.com/the-results-of-the-cloudflare-challenge>*


Enlaces

https://delicious.com/ajlopez/heartbleed


Ay... lo mio es un apostolado ;-)


Angel "Java" Lopez

@ajlopez




On Mon, Apr 14, 2014 at 1:59 PM, Gabriel Davini <[hidden email]>wrote:

>
>
> Parece que al final no es tan grave, interesante tema para seguirlo
>
>
> http://www.theverge.com/2014/4/11/5604300/heartbleed-may-not-leak-private-ssl-keys-after-all
>
> Saludos!!
>
> Gabi.-
>   El día jueves, 10 de abril de 2014 6:01, Edgar De Cleene <
> [hidden email]> escribió:
>
>   Algo sobre seguridad en redes, supongo que a todos nos interesa
>
> ------ Forwarded Message
> Koding response to Heartbleed - You're safe.
>
> Hi all, Just letting you know that Koding is unaffected by the security
> vulnerability known as Heartbleed. On April 7 a serious security
> vulnerability (CVE-2014-0160) was disclosed in the OpenSSL library. Like
> much of the internet, we responded to this critical issue by conducting a
> security review of our servers. We've never used the OpenSSL library.
> Koding built its own proxies using Go and Go has its own implementation of
> TLS. Therefore, you don't need to change your password (unless you used the
> same password on other sites that've been affected by Heartbleed). We did a
> thorough investigation anyway and we've concluded that none of servers were
> affected by this bug, nor was any user information compromised. Our
> engineering team will continue to monitor the situation. At Koding we take
> security and transparency seriously, which is why we're emailing you today
> to let you know your information is safe. No additional step is required on
> your behalf. If you have any questions feel free to reply to this. Regards,
> Koding Team https://koding.com
>
> ------ End of Forwarded Message
>
>
>    
>
Reply | Threaded
Open this post in threaded view
|

Re: FW: Koding response to Heartbleed - You're safe.

Andres Valloud-5
In reply to this post by Gabriel Davini
FYI pusieron un challenge para sacar private keys y lo resolvieron dos
personas diferentes en 9 horas...


On Mon, Apr 14, 2014 at 9:59 AM, Gabriel Davini <[hidden email]>wrote:

>
>
> Parece que al final no es tan grave, interesante tema para seguirlo
>
>
> http://www.theverge.com/2014/4/11/5604300/heartbleed-may-not-leak-private-ssl-keys-after-all
>
> Saludos!!
>
> Gabi.-
>   El día jueves, 10 de abril de 2014 6:01, Edgar De Cleene <
> [hidden email]> escribió:
>
>   Algo sobre seguridad en redes, supongo que a todos nos interesa
>
> ------ Forwarded Message
> Koding response to Heartbleed - You're safe.
>
> Hi all, Just letting you know that Koding is unaffected by the security
> vulnerability known as Heartbleed. On April 7 a serious security
> vulnerability (CVE-2014-0160) was disclosed in the OpenSSL library. Like
> much of the internet, we responded to this critical issue by conducting a
> security review of our servers. We've never used the OpenSSL library.
> Koding built its own proxies using Go and Go has its own implementation of
> TLS. Therefore, you don't need to change your password (unless you used the
> same password on other sites that've been affected by Heartbleed). We did a
> thorough investigation anyway and we've concluded that none of servers were
> affected by this bug, nor was any user information compromised. Our
> engineering team will continue to monitor the situation. At Koding we take
> security and transparency seriously, which is why we're emailing you today
> to let you know your information is safe. No additional step is required on
> your behalf. If you have any questions feel free to reply to this. Regards,
> Koding Team https://koding.com
>
> ------ End of Forwarded Message
>
>
>    
>
Reply | Threaded
Open this post in threaded view
|

Re: FW: Koding response to Heartbleed - You're safe.

Edgar De Cleene
In reply to this post by Gabriel Davini
Bien Gabriel , me encanta que partícipes.
Y quienes te respondieron....
Se qué a Ángel lo conoces y a Andrés búscalo en Google

Envíado desde Edgar's iPad mini



> El 14/04/2014, a las 13:59, Gabriel Davini <[hidden email]> escribió:
>
> Parece que al final no es tan grave, interesante tema para seguirlo
>
> http://www.theverge.com/2014/4/11/5604300/heartbleed-may-not-leak-private-ssl-keys-after-all
>
> Saludos!!
>
> Gabi.-
> El día jueves, 10 de abril de 2014 6:01, Edgar De Cleene <[hidden email]> escribió:
>  
> Algo sobre seguridad en redes, supongo que a todos nos interesa
>
> ------ Forwarded Message
> Koding response to Heartbleed - You're safe.
>
> Hi all, Just letting you know that Koding is unaffected by the security vulnerability known as Heartbleed. On April 7 a serious security vulnerability (CVE-2014-0160) was disclosed in the OpenSSL library. Like much of the internet, we responded to this critical issue by conducting a security review of our servers. We've never used the OpenSSL library. Koding built its own proxies using Go and Go has its own implementation of TLS. Therefore, you don't need to change your password (unless you used the same password on other sites that've been affected by Heartbleed). We did a thorough investigation anyway and we've concluded that none of servers were affected by this bug, nor was any user information compromised. Our engineering team will continue to monitor the situation. At Koding we take security and transparency seriously, which is why we're emailing you today to let you know your information is safe. No additional step is required on your behalf. If you have any questions feel free to reply to this. Regards, Koding Team https://koding.com 
>
> ------ End of Forwarded Message
>
>
>
Reply | Threaded
Open this post in threaded view
|

Re: FW: Koding response to Heartbleed - You're safe.

Edgar De Cleene
In reply to this post by Angel Java Lopez
Si Ángel , lo tuyo es inenarrable, mereces entrar en las Crónicas.

Envíado desde Edgar's iPad mini



> El 14/04/2014, a las 14:10, Angel Java Lopez <[hidden email]> escribió:
>
> Es que hay actualizaciones
>
> Ese articulo
>
> http://www.theverge.com/2014/4/11/5604300/heartbleed-may-not-leak-private-ssl-keys-after-all
>
> refiere a CloudFare
>
> http://blog.cloudflare.com/answering-the-critical-question-can-you-get-private-ssl-keys-using-heartbleed
>
> y ellos tuvieron que actualizarlo hace tres dias. Ahi en el articulo inmediato de arriba dice:
>
> Update:
> Below is what we thought as of 12:27pm UTC. To verify our belief we crowd sourced the investigation. It turns out we were wrong. While it takes effort, it is possible to extract private SSL keys. The challenge was solved by Software Engineer Fedor Indutny and Ilkka Mattila at NCSC-FI roughly 9 hours after the challenge was first published. Fedor sent 2.5 million requests over the course of the day and Ilkka sent around 100K requests. Our recommendation based on this finding is that everyone reissue and revoke their private keys. CloudFlare has accelerated this effort on behalf of the customers whose SSL keys we manage. You can read more here.
>
> Y si, hay que ir a leer:
> http://blog.cloudflare.com/the-results-of-the-cloudflare-challenge
>
> Enlaces
> https://delicious.com/ajlopez/heartbleed 
>
> Ay... lo mio es un apostolado ;-)
>
> Angel "Java" Lopez
> @ajlopez
>
>
>
>> On Mon, Apr 14, 2014 at 1:59 PM, Gabriel Davini <[hidden email]> wrote:
>>  
>> Parece que al final no es tan grave, interesante tema para seguirlo
>>
>> http://www.theverge.com/2014/4/11/5604300/heartbleed-may-not-leak-private-ssl-keys-after-all
>>
>> Saludos!!
>>
>> Gabi.-
>> El día jueves, 10 de abril de 2014 6:01, Edgar De Cleene <[hidden email]> escribió:
>>  
>> Algo sobre seguridad en redes, supongo que a todos nos interesa
>>
>> ------ Forwarded Message
>> Koding response to Heartbleed - You're safe.
>>
>> Hi all, Just letting you know that Koding is unaffected by the security vulnerability known as Heartbleed. On April 7 a serious security vulnerability (CVE-2014-0160) was disclosed in the OpenSSL library. Like much of the internet, we responded to this critical issue by conducting a security review of our servers. We've never used the OpenSSL library. Koding built its own proxies using Go and Go has its own implementation of TLS. Therefore, you don't need to change your password (unless you used the same password on other sites that've been affected by Heartbleed). We did a thorough investigation anyway and we've concluded that none of servers were affected by this bug, nor was any user information compromised. Our engineering team will continue to monitor the situation. At Koding we take security and transparency seriously, which is why we're emailing you today to let you know your information is safe. No additional step is required on your behalf. If you have any questions feel free to reply to this. Regards, Koding Team https://koding.com 
>>
>> ------ End of Forwarded Message
>
>
Reply | Threaded
Open this post in threaded view
|

Re: FW: Koding response to Heartbleed - You're safe.

Edgar De Cleene
In reply to this post by Andres Valloud-5
Gracias Andrés , se que andas en las Grandes Ligas y poco tiempo.
Si pudieras contarnos un poquito ....


Envíado desde Edgar's iPad mini



> El 14/04/2014, a las 15:11, Andres Valloud <[hidden email]> escribió:
>
> FYI pusieron un challenge para sacar private keys y lo resolvieron dos personas diferentes en 9 horas...
>
>
>> On Mon, Apr 14, 2014 at 9:59 AM, Gabriel Davini <[hidden email]> wrote:
>>  
>> Parece que al final no es tan grave, interesante tema para seguirlo
>>
>> http://www.theverge.com/2014/4/11/5604300/heartbleed-may-not-leak-private-ssl-keys-after-all
>>
>> Saludos!!
>>
>> Gabi.-
>> El día jueves, 10 de abril de 2014 6:01, Edgar De Cleene <[hidden email]> escribió:
>>  
>> Algo sobre seguridad en redes, supongo que a todos nos interesa
>>
>> ------ Forwarded Message
>> Koding response to Heartbleed - You're safe.
>>
>> Hi all, Just letting you know that Koding is unaffected by the security vulnerability known as Heartbleed. On April 7 a serious security vulnerability (CVE-2014-0160) was disclosed in the OpenSSL library. Like much of the internet, we responded to this critical issue by conducting a security review of our servers. We've never used the OpenSSL library. Koding built its own proxies using Go and Go has its own implementation of TLS. Therefore, you don't need to change your password (unless you used the same password on other sites that've been affected by Heartbleed). We did a thorough investigation anyway and we've concluded that none of servers were affected by this bug, nor was any user information compromised. Our engineering team will continue to monitor the situation. At Koding we take security and transparency seriously, which is why we're emailing you today to let you know your information is safe. No additional step is required on your behalf. If you have any questions feel free to reply to this. Regards, Koding Team https://koding.com 
>>
>> ------ End of Forwarded Message
>
>