Uh Oh! TLS/SSL Heartbeat Vulnerability Time

TLS heartbeat read overrun (CVE-2014-0160)

Test using our online tool to see if your server is affected
https://new.dc414.org/projects/ssl-heartbleed-cve-2014-0160-test/

A missing bounds check in the handling of the TLS heartbeat extension can be
used to reveal up to 64k of memory to a connected client or server.

Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including
1.0.1f and 1.0.2-beta1.

Thanks for Neel Mehta of Google Security for discovering this bug and to
Adam Langley and Bodo Moeller for
preparing the fix.

Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately
upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.

1.0.2 will be fixed in 1.0.2-beta2.

April meeting — salted butter or not?

April brought another great meeting!  Thanks again for the Milwaukee Makerspace for hosting us.  Klaiviel taught us quite a few things about locks, he had his collection out for display.  IMG_20140404_204820

We then toured the facility again, always a great time to explore the Makerspace!  We were able to see this crazy subwoofer in action!  IMG_20140404_234902

It’s a booth you sit inside and /FEEL THE G’s/   Here’s Vlad inside:

IMG_20140404_233141

 

We had to tone it down after threats of the police being called for noise were voiced.  🙂

After that, we went back and saw a cool piece of machinery that Mike put together, cooling a computer and GPU with a dehumidifier!

IMG_20140404_224432

 

We then spent the better part of the evening debating the merits of salted butter, vs unsalted butter.  Seems Faraday really has a strong opinion about it!  here’s this… equation that lays it all out for us:

IMG_20140405_002508

 

All in all, another great meeting.  See you next month at the Meetupery!

-darkwind