← Back to team overview

elementary-dev-community team mailing list archive

Re: URGENT: Update and change your SSH keys IMMEDIATELY

 

Since Launchpad itself is probably vulnerable, I strongly suggest everyone
with code commit and/or PPA upload permissions to CLEAR ALL COOKIES and
refrain from using Launchpad until
https://bugs.launchpad.net/launchpad/+bug/1304136 is fixed.


2014-04-08 5:14 GMT+04:00 Sergey "Shnatsel" Davidoff <
sergey@xxxxxxxxxxxxxxxx>:

> Oh yeah, right, don't forget to change your important passwords too!
>
>
> 2014-04-08 4:56 GMT+04:00 desiderantes@xxxxxxxxxxxxxx <
> desiderantes@xxxxxxxxxxxxxx>:
>
> SSH does not use TLS per se, so revoking ssh keys is not that useful
>>
>> Enviado desde Mail con Replicant
>>
>>  ------------------------------
>> * From: * victor-eduardo <victoreduardm@xxxxxxxxx>;
>> * To: * Sergey Shnatsel Davidoff <sergey@xxxxxxxxxxxxxxxx>;
>> * Cc: * elementary-dev-community@xxxxxxxxxxxxxxxxxxx <
>> elementary-dev-community@xxxxxxxxxxxxxxxxxxx>;
>> * Subject: * Re: [Elementary-dev-community] URGENT: Update and change
>> your SSH keys IMMEDIATELY
>> * Sent: * Tue, Apr 8, 2014 12:36:30 AM
>>
>>   Thanks for the heads up!
>>
>> OpenSSL is flawed by design indeed :(
>>
>> On lun, abr 7, 2014 at 6:31 , Sergey Shnatsel Davidoff <
>> sergey@xxxxxxxxxxxxxxxx> wrote:
>>
>> Also do not forget to revoke the older keys wherever they are used -
>> Launchpad, etc.
>>
>>
>> 2014-04-08 3:45 GMT+04:00 Sergey "Shnatsel" Davidoff <
>> sergey@xxxxxxxxxxxxxxxx>:
>>
>>> There's a killer bug in OpenSSL that leaks private keys! Update your
>>> system and change your SSH private keys (and other private keys for good
>>> measure) IMMEDIATELY!
>>>
>>> More info at http://heartbleed.com/
>>> *runs off to upgrade all machines and change keys everywhere*
>>> --
>>> Sergey "Shnatsel" Davidoff
>>>
>>
>>
>>
>> --
>> Sergey "Shnatsel" Davidoff
>>
>>
>
>
> --
> Sergey "Shnatsel" Davidoff
>



-- 
Sergey "Shnatsel" Davidoff

Follow ups

References