[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

OpenSSL worm in the wild

To: Bugtraq <BUGTRAQ@securityfocus.com>, Cryptography <cryptography@wasabisystems.com>, cypherpunks <cypherpunks@einstein.ssz.com>, Apache SSL <apache-ssl@lists.aldigital.co.uk>
Subject: OpenSSL worm in the wild
From: Ben Laurie <ben@algroup.co.uk>
Date: Fri, 13 Sep 2002 18:16:33 +0100
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.1) Gecko/20020815

I have now seen a worm for the OpenSSL problems I reported a few weeks 
back in the wild. Anyone who has not patched/upgraded to 0.9.6e+ should 
be _seriously worried_.

It appears to be exclusively targeted at Linux systems, but I wouldn't 
count on variants for other systems not existing.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

Prev by Date: 1024-bit RSA keys in danger of compromise
Prev by thread: 1024-bit RSA keys in danger of compromise
Index(es):
- Date
- Thread