
Our monthly Linux User Group Meeting....

Tonight we have two presenters - 'The Heartbleed Bug' with Jack Radigan and 'The Future of UAV Drones in the Public Space' with Brian Wilson (Good Day NY story).

This month's agenda:

7:00 to 7:20 Networking

7:20 to 7:50 Introductions and Linux News

8:00 to 8:05 Nixie looks @ Ubuntu TV

8:05 to 8:20 ......from the cmd line

8:20 to 8:55 Nick's UAV chat introduces Brian Wilson

8:55 to 9:00 Coffee break - Chit Chat

9:00 -=>      Heartbleed bug demo by Jack

Many of us have already been affected by the Heartbleed bug, and Jack will be explaining what it is (was) and giving us a talk on it tonight.

Netcraft's site reports now make it easy to see which websites have or have not revoked their SSL certificates in response to the Heartbleed bug.

Around 17% of all trusted SSL web servers were vulnerable to the Heartbleed bug when it was publicly disclosed earlier this month. The bug made it possible to steal a server's private keys, thus allowing unauthorised parties to impersonate an affected website using its own SSL certificate. Consequently, around a quarter of the 500,000+ potentially-compromised certificates have already been reissued to date, but despite the importance of doing so, relatively few of these have also been revoked.

Some website administrators quickly responded to the Heartbleed bug by upgrading OpenSSL and issuing new SSL certificates, but issuing new certificates alone is not enough. Despite the difficulties involved in online revocation checking during a man-in-the-middle attack, the previous, possibly-compromised certificates must be revoked. Revocation checking can still be effective in some cases, especially when the revocation is included in Google's CRLSets.

For example, Yahoo had several high-profile websites which were vulnerable to the Heartbleed bug, and if the SSL certificates' private keys were compromised, they still are. Although the underlying OpenSSL vulnerability was quickly fixed on Yahoo's servers, it was not quick enough to prevent the vulnerability being exploited to reveal some of the email addresses and passwords used by Yahoo users. Yahoo has since reissued the affected certificates, and with the possibility of a key compromise, it would also have been sensible for Yahoo to revoke the old ones — but they have yet to do so.




Directions: http://alturl.com/c8fka

Though we're primarily a Linux group, all operating systems are welcome (even that Wimpdows one), as our members have Macs, iPads, iPhones, and SmartPhones as well as Linux Desktops/Laptops - so we're a great Q & A resource.


  • Nickalf.....

    Please comment on last night's meeting (good or bad) and let me know what you'd like at our future meetings.

    Thanks for those of you who commented - Good job Jack and Brian for two great presentations..

    April 30, 2014

    • Alex

      Oh, don't take that the wrong way. It really did go well with the point that things go wrong with computers, with it being about a bug in the first place.

      April 30, 2014

    • Bart L.

      I don't think that anybody is going to try to make things go wrong. Great presentations, btw.

      May 1, 2014

  • Dan

    Many thanks to Brian Wilson for his presentation on the direction of UAV Drone activity in terms of both technology and compliance development. I would like to see more presentations from outside speakers on topics of mutual interest to the group.

    Also many thanks to Jack for his presentation on Heartbleed. This is the first explanation I have seen that gave me a real understanding of not only root cause but how the inaction of media providers like Yahoo has really exacerbated the problem by their unwillingness to take the expense hit and reboot their authentication process. I would like to see more technical presentations like this as well.

    1 · May 1, 2014

  • Ian

    Great meeting. It was interesting, engaging, and relevant.

    1 · April 30, 2014

  • Ian

    Thanks for setting this up. This was a really interesting presentation. I look forward to the next meeting.

    1 · April 29, 2014

  • Ted

    will try to make it tonight... not sure... everybody have a great meeting!

    April 29, 2014

    • Nickalf.....

      Sorry you missed very interesting and diverse presentations - C U next time..

      April 29, 2014

  • Bart L.

    My "Yes" is VERY indefinite; I will cancel if I can't make it (short of a 2 hour traffic jam coming in, which HAS happened). If I come, I should make it by 8PM, and will try to leave work a bit earlier.

    April 25, 2014

  • Alex

    Does anyone know what I'm supposed to do? I can start Ubuntu from a small USB drive on my Windows 8 laptop with UEFI, but when I ran the install program, it didn't see Windows. I would want a dual boot.

    April 11, 2014

16 went
