As you may have heard, a serious bug in the OpenSSL library was disclosed to the public on April 7th, 2014 (CVE-2014-0160). This library handles SSL encryption for the majority of sites on the Internet — including Load Impact.
In response to this critical vulnerability, we have conducted a comprehensive security review and would like to let you know that Load Impact has only been vulnerable to this bug for the past six months and is no longer vulnerable.
We have only been vulnerable to this bug since when we started using Amazon's SSL service (through Amazon's ELBs) back in October 2013, so our exposure is limited. However, since there is still a risk that someone may have stolen information from us in the past six months, we have now replaced our SSL certificates.
Since you have logged on to your Load Impact account in the last six months, we advice you to take the following extra precautions:
Change your password
Generate new API keys
Due to the widespread nature of this vulnerability, we recommend changing your passwords across the web.
For more information on the Heartbleed bug, please read our blog. Feel free to reply to this email if you have any questions.
Take care, keep safe and happy testing.
/The Load Impact Team
Mapbox пишет:
Скрытый текст
We have secured our infrastructure from Heartbleed, a serious OpenSSL vulnerability that caused security on most of the internet to virtually evaporate overnight (good post by the New York Times).
There is no indication that any data on Mapbox was compromised as a result of Heartbleed, but as a precaution, we strongly suggest that you to reset your password:
Reset Your Mapbox Password
Here is a summary of how our engineering team addressed the vulnerability:
We logged you out of Mapbox.com--you will be required to login again on your next visit.
All services were reviewed and updated immediately.
We rotated our SSL certificates and all other security credentials.
We reviewed all third-party services and worked with their teams to ensure that proper steps were taken to patch their vulnerable services and rotate their credentials.
If you have any questions regarding Heartbleed or anything else, send us a note at support@mapbox.com.
Koding пишет:
Скрытый текст
Hi all,
Just letting you know that Koding is unaffected by the security vulnerability known as Heartbleed.
On April 7 a serious security vulnerability (CVE-2014-0160) was disclosed in the OpenSSL library. Like much of the internet, we responded to this critical issue by conducting a security review of our servers.
We've never used the OpenSSL library. Koding built its own proxies using Go and Go has its own implementation of TLS. Therefore, you don't need to change your password (unless you used the same password on other sites that've been affected by Heartbleed).
We did a thorough investigation anyway and we've concluded that none of servers were affected by this bug, nor was any user information compromised. Our engineering team will continue to monitor the situation.
At Koding we take security and transparency seriously, which is why we're emailing you today to let you know your information is safe. No additional step is required on your behalf. If you have any questions feel free to reply to this.
System Alert: OpenSSL Heartbleed Security Vulnerability
On Monday, the OpenSSL project released an update to address a serious security vulnerability nicknamed «Heartbleed». This vulnerability impacts the encryption used for internet communications and could allow access to decrypted HTTPS traffic. Like many service providers, once Mandrill became aware of Heartbleed, we moved to address, and evaluate the impact of, this vulnerability. We know that our users share our concern for security and privacy, so we want you to be aware of the specifics of Heartbleed vulnerability as it relates to Mandrill.
Impacted services
First and foremost, we have no evidence that the Heartbleed vulnerability was used to obtain any Mandrill data or to access Mandrill services.
Mandrill's relay and application servers were using affected versions of OpenSSL. Patches have been applied to all impacted servers, a process which was completed and confirmed by 14:00 UTC on April 8th. Although Mandrill utilizes Amazon EC2, we don't use the disk images provided by Amazon that were found to be affected. Nevertheless as a precaution, we've replaced our private key and SSL certificate since it's plausible that Mandrill's certificates could have been exposed.
What you should do
While there's no indication that Mandrill user data has been impacted, we strongly recommend that users update their Mandrill account passwords. Since API Keys are used for accessing your account via the API and SMTP, we also recommend deactivating old keys and replacing them with new keys.
Many of our users have sites or applications hosted which store their Mandrill credentials or other sensitive data. So, we also recommend auditing all services you may use to determine if they are also vulnerable, taking steps to repair any vulnerable services, and replacing SSL certificates once the vulnerability has been removed.
Вы являетесь владельцем VPS сервера. Обращаем Ваше внимание, что для используемой Вами операционной системы, была найдена критическая уязвимость безопасности в OpenSSL 1.0.1 и 1.0.2-beta. Более подробно о ней Вы можете прочитать здесь heartbleed.com/
Уязвимость касается openssl и программы, в работе которых нужна данная библиотека. Сервер openssh проблема не затронула.
Для устранения данной уязвимости Вам нужно обновить пакет openssl. Сделать это можно, выполнив команды, приведенные ниже
Для ОС CentOS:
yum clean all
yum update openssl
service httpd restart
Для ОС Debian:
apt-get update
apt-get install openssl
/etc/init.d/apache2 restart
— С уважением,
Служба технической поддержки REG.RU
Создать php окружение в России нельзя — «Region — Обязательное поле.»
После регистрации написано: «Bonus payment for registration 5 USD» но баланс 0, пере-логин не помог.
Да, я думаю что не только тотального перехода не будет, но и в нем нет особого смысла, почему нельзя сейчас использовать IPv6 для служебных целей (межсерверный обмен информацией, охранные системы, датчики, камеры, ip-телефоны и прочее), что высвободит пул адресов для простых пользователей, которого хватит на определенный промежуток времени.
С другой стороны, тотальному переходу на IPv6 поспособствует только жесткое отключение IPv4 везде и всюду, и люди от безысходности будут адаптироваться к окружающей среде переходить на IPv6.
Согласно результатам проведенного исследования по сегменту счетчиков посещаемости и систем веб-аналитики, установленных на сайтах зоны RU самый популярный аналитический сервис — это LiveInternet, а не Google Analytics. И кому верить?
принято решение внедрить принцип технологической нейтральности для полос радиочастот 890-915 МГц и 935-960 МГц для их использования под технологию 3G, а также полос 1710-1785 МГц и 1805-1880 МГц для развития сетей LTE.
«Tele2 Россия» подтвердила намерение использовать имеющиеся у нее частоты 1800 МГц для строительства 4G, хотя ранее заявляла, что проект с покрытием LTE городов от 10 тыс. человек будет инвестиционно непривлекательным: капитальные затраты составят 23 млрд руб., операционные — 20 млрд руб.
Современные игры не используют возможности платформы в должной мере, так как не все устройства одинаковы по производительности и надо сохранить совместимость с максимальным количеством таковых.
As you may have heard, a serious bug in the OpenSSL library was disclosed to the public on April 7th, 2014 (CVE-2014-0160). This library handles SSL encryption for the majority of sites on the Internet — including Load Impact.
In response to this critical vulnerability, we have conducted a comprehensive security review and would like to let you know that Load Impact has only been vulnerable to this bug for the past six months and is no longer vulnerable.
We have only been vulnerable to this bug since when we started using Amazon's SSL service (through Amazon's ELBs) back in October 2013, so our exposure is limited. However, since there is still a risk that someone may have stolen information from us in the past six months, we have now replaced our SSL certificates.
Since you have logged on to your Load Impact account in the last six months, we advice you to take the following extra precautions:
Change your password
Generate new API keys
Due to the widespread nature of this vulnerability, we recommend changing your passwords across the web.
For more information on the Heartbleed bug, please read our blog. Feel free to reply to this email if you have any questions.
Take care, keep safe and happy testing.
/The Load Impact Team
Mapbox пишет:
There is no indication that any data on Mapbox was compromised as a result of Heartbleed, but as a precaution, we strongly suggest that you to reset your password:
Reset Your Mapbox Password
Here is a summary of how our engineering team addressed the vulnerability:
We logged you out of Mapbox.com--you will be required to login again on your next visit.
All services were reviewed and updated immediately.
We rotated our SSL certificates and all other security credentials.
We reviewed all third-party services and worked with their teams to ensure that proper steps were taken to patch their vulnerable services and rotate their credentials.
If you have any questions regarding Heartbleed or anything else, send us a note at support@mapbox.com.
Koding пишет:
Just letting you know that Koding is unaffected by the security vulnerability known as Heartbleed.
On April 7 a serious security vulnerability (CVE-2014-0160) was disclosed in the OpenSSL library. Like much of the internet, we responded to this critical issue by conducting a security review of our servers.
We've never used the OpenSSL library. Koding built its own proxies using Go and Go has its own implementation of TLS. Therefore, you don't need to change your password (unless you used the same password on other sites that've been affected by Heartbleed).
We did a thorough investigation anyway and we've concluded that none of servers were affected by this bug, nor was any user information compromised. Our engineering team will continue to monitor the situation.
At Koding we take security and transparency seriously, which is why we're emailing you today to let you know your information is safe. No additional step is required on your behalf. If you have any questions feel free to reply to this.
Regards,
Koding Team
koding.com
Mandrill пишет:
On Monday, the OpenSSL project released an update to address a serious security vulnerability nicknamed «Heartbleed». This vulnerability impacts the encryption used for internet communications and could allow access to decrypted HTTPS traffic. Like many service providers, once Mandrill became aware of Heartbleed, we moved to address, and evaluate the impact of, this vulnerability. We know that our users share our concern for security and privacy, so we want you to be aware of the specifics of Heartbleed vulnerability as it relates to Mandrill.
Impacted services
First and foremost, we have no evidence that the Heartbleed vulnerability was used to obtain any Mandrill data or to access Mandrill services.
Mandrill's relay and application servers were using affected versions of OpenSSL. Patches have been applied to all impacted servers, a process which was completed and confirmed by 14:00 UTC on April 8th. Although Mandrill utilizes Amazon EC2, we don't use the disk images provided by Amazon that were found to be affected. Nevertheless as a precaution, we've replaced our private key and SSL certificate since it's plausible that Mandrill's certificates could have been exposed.
What you should do
While there's no indication that Mandrill user data has been impacted, we strongly recommend that users update their Mandrill account passwords. Since API Keys are used for accessing your account via the API and SMTP, we also recommend deactivating old keys and replacing them with new keys.
Many of our users have sites or applications hosted which store their Mandrill credentials or other sensitive data. So, we also recommend auditing all services you may use to determine if they are also vulnerable, taking steps to repair any vulnerable services, and replacing SSL certificates once the vulnerability has been removed.
Так же написали из REG.ru с советом:
Вы являетесь владельцем VPS сервера. Обращаем Ваше внимание, что для используемой Вами операционной системы, была найдена критическая уязвимость безопасности в OpenSSL 1.0.1 и 1.0.2-beta. Более подробно о ней Вы можете прочитать здесь heartbleed.com/
Уязвимость касается openssl и программы, в работе которых нужна данная библиотека. Сервер openssh проблема не затронула.
Для устранения данной уязвимости Вам нужно обновить пакет openssl. Сделать это можно, выполнив команды, приведенные ниже
Для ОС CentOS:
yum clean all
yum update openssl
service httpd restart
Для ОС Debian:
apt-get update
apt-get install openssl
/etc/init.d/apache2 restart
— С уважением,
Служба технической поддержки REG.RU
Очень часто использую в навигационных целях.
Было бы неплохо увидеть динамическое перестроение маршрутов
www.youtube.com/embed/8kKhFxhsq1c
Создать php окружение в России нельзя — «Region — Обязательное поле.»
После регистрации написано: «Bonus payment for registration 5 USD» но баланс 0, пере-логин не помог.
С другой стороны, тотальному переходу на IPv6 поспособствует только жесткое отключение IPv4 везде и всюду, и люди от безысходности будут
адаптироваться к окружающей средепереходить на IPv6.В котором очень много параметров ( money.yandex.ru/doc.xml?id=526030 )
в том числе invoiceId
А спросил, потому что Мегафон упоминул только iPhone, видимо как наиболее популярные LTE-фоны
А вот «объединенный курсор» использую довольно часто.
Итоги заседания
Если сломается Google Play удали аккаунт Google перезагрузи и добавь снова
Примерно одинаково, или незначительно проще.