...as the resulution upgrade to openssl 0.9.7k or 0.9.8c or newer. a source code patch is also available for those who cannot upgrade to a newer version. the link to the patch is below. patches httpwww.op enssl.orgn ewspatchcv e20064339. txt i am not sure if i can in fact patch the rpm version with that text file if so great how thanks......
[more]

in iis7 you can do very simple testing for ssl related site hosting.a it literally is like a 2 click process enter a name for the cert and done you now have ssl on your box.a of course this is a selfissuedsigned certificate so it will do you know good in the real world but for most of the developer world it will work fine.a there may be those times however where things may not be quite working ...
[more]

segnalata una vulnerabilit legata ad openssl che interesserebbe ubuntu 8.04 lts e le relative versioni di kubuntu edubuntu e xubuntu. maggiori dettagli sono disponibili sul sito ufficiale della distribuzi one. sharethis......
[more]

segnalata una vulnerabilita legata ad openssl che interesserebbe ubuntu 8.04 lts e le relative versioni di kubuntu edubuntu e xubuntu. maggiori dettagli sono disponibili sul sito ufficiale della distribuzi one. sharethis......
[more]

duplicity from macports is currently broken. the problem is in the portfile which wants to use python 2.5. however there is no openssl package for python 2.5 in macports which gives you this error if you try to backup to s3 through ssl file optlocalli bpython2.5 httplib.py line 1135 in connect ssl socket.sslsock self.key file self.cert file attributeerror module object has no attribute ssl th...
[more]

zitat in der opensslversion 0.9.8h haben die entwickler laut bericht zwei fehler beseitigt die das finnische cert certfi bei tests aufgedeckt hat. so stuerzt eine auf openssl beruhende anwendung ab wenn sie ein tls1.0clie nthellopak et empfngt in dem die servernameextension auf null gesetzt ist. allerdings ist tlsextensi onhandling standardmig deaktiviert es kann nur beim ue...
[more]

fonti programmazione.it coverity il 20 maggio scorso coverity inc. ha annunciato la pubblicazione dei risultati di una approfondita scansione del software open source. la scansione del codice sorgente a avvenuta col supporto del dipartimento per la sicurezza nazionale statunitense nellambito del progetto federale di consolidamento dellopen source. il rapporto finale a basato su due anni di analisi...
[more]

ten days ago a debian security advisory dsa15711 was released that detailed a flaw in the openssl cryptographic libraries that affects both debian and other linux distributions derived from debian. unlike a buffer overflow or many other vulnerabilities this flaw wasnt introduced through insecure programming quite the opposite. in fact the programmer was using valgrind to debug applications in an ...
[more]

last week many debian users got something of a shock when they realized that encryption keys for openssh openssl and openvpn have all been vulnerable to relatively easy compromise for a while. previously i discussed how you can detect and replace vulnerable ssh keys on debian and vincent danen explained another means to find and fix crypto key vulnerabilities that arose as a result of this snafu....
[more]

i know boring dry topic. but useful for those that need it. part of securing windows especially iis 6 is locking down the cryptography to the secure protocols. generally this is a pain. read on for things to make it a little easier about iis 6 security iis 6.0 should be configured to use the strongest and most secure encryption methods available. this short guide will take you through the nec...
[more]

youve probably heard by now about the gaping hole in keys generated by debians openssl. if not the summary is that your ssh keys and ssl certs were selected from a fixed pool of 215 32767 possibilities and are thus easy to bruteforce over the network. if you have any keys generated on a debian system you need to immediately replace them or disable the associated service. its that bad remote lo...
[more]

une faille importante critique a t dcouverte dans openssl sur debian... penser mettre jour et rgnrer vos clefs. pour plus dinformations wiki.debia n.orgsslke ys sourc e linuxfr.org......
[more]

Similar post was found from:
monserveurperso fr
blog cyberserveur net

une faille critique a t dcouverte dans openssl sur debian... penser mettre jour et rgnrer vos clefs. pour plus dinformations wiki.debia n.orgsslke ys sourc e linuxfr.org......
[more]

markus jalmerot har gjort en trevlig och grundlig utvardering av tva svenska modebloggare och en vacker dag sa kanske jag tar och anammar vissa av dessa parametrar till bloggvarde.ses vardering. idg skriver aven om detta. mattias swenson som enligt mig ar en av sveriges yngsta och hetaste entreprenarer som bl.a star bakom forumet swedish startups berattar att bloggkoll nu finns en en alldeles ny ...
[more]

ive ranted about this at length before im sure even in print in oreilys open sources 2. but now debian have proved me right again beyond my wildest expectations. two years ago they fixed a problem in openssl reported by valgrind1 by removing any possibility of adding any entropy to openssls pool of randomness2. the result of this is that for the last two years from debians etch release until now ...
[more]

o jimmy atkinson escreveu este interessante artigo o tatulo explica tudo. reproduzo aqui apenas a lista dos programas proprietarios e das alternativas de cadigo livre. a importante ler o artigo original em inglas por causa de detalhes importantes e informaaaes adicionais ou para conhecer outras opiniaes nem todo mundo concordou com as dicas do jimmy. ba sicos win dows vista os para ubuntu os ...
[more]

adding to the previous post titled an apache implementation today we will discuss implementing openssl under apache. to quote from the openssl site openssl is a collaborative effort to develop a robust commercialgrade fullfeatured and open source toolkit implementing the secure sockets layer ssl v2v3 and transport layer security tls v1 protocols as well as a fullstrength general purpose cryptogra...
[more]

weave is a mozilla labs project to explore the blending of the desktop and the web through deeper integration of the browser with online services. today were releasing an update to the core data synchronization components of weave in preparation for the introduction of data sharing and thirdparty apis. major updates and features significan t reworking and strengthening of core synchronization arch...
[more]

can open source software be more ubiquitous than this a few days ago i was playing extensively with apples iphone investigating each submenu and little details. there is a section listing legal stuff and software being used with each license. gpl lgpl bsd and other open source licensed software rule the iphone. some i have noted bsd kernel pppd poll emulation by brian clapper stack protector by ...
[more]

ethereal oliendo el pegamento que mantiene a internet unida. ethereal es un analizador de protocolos de red para unix y windows y es libre free. nos permite examinar datos de una red viva o de un archivo de captura en algan disco. se puede examinar interactivamente la informacian capturada viendo informacian de detalles y sumarios por cada paquete. ethereal tiene varias caracterasticas poderosas ...
[more]

so apparently i now write python. in a flustered lastminute push to get the fire eagle python api binding ready to ship i had to switch it to use https and point to fireeagle. yahooapis. com natch. given that im relatively new to python it took a moment to realise i had simply to switch from httplib.ht tpconnecti on to httplib.ht tpsconnect ion. this would have all been fine save one issue apparently ...
[more]

...slfips1 .1.2timesd guxx86.t o pensslfips 1.1.2times sparc.t op ensslfips1 .1.2instal l.djgpp co uburycoubu rydesktop just not sure what to do next......
[more]

...acoonra coon.conf ergebnis terminal1 foreground mode. 20080218 232423 info ipsectools 0.6.6 httpipsect ools.sourc eforge.net 20080218 232423 info this product linked openssl 0.9.8e 23 feb 2007 httpwww.op enssl.org 20080218 232424 debug compression algorithm can not be checked because sadb message doesnt support it. 20080218 232424 debug open varrunraco onracoon.s ock as racoon management . 20080218 232424...
[more]