Is now a bad time to ask why the NZITF site is HTTP only?
:)
—
Juha
On 9/04/2014, at 1:21 pm, Dean Pemberton
Hi All,
NZITF (in conjunction with InternetNZ) have been endeavouring to raise awareness about this issue. We have compiled some information on our website, which may be of use to you and/or your clients. Please feel free to share this link as widely as you see fit. http://www.nzitf.org.nz/news.html
The NZITF is treating this as an ongoing security issue with significant implications. As a result we are intending to monitor this situation and update our advice as required.
We have tree basic messages for website owners:
1. Establish if your site's servers are vulnerable. 2. Patch the vulnerable servers. 3. Revoke/reissue keys and certificates.
If you are vulnerable it is imperative that you do steps 2 AND 3. Not one, but both. You should also be encouraged to discuss this very important issue with your regular security consultants.
If you have feedback or information please feel free to contact me so we can include it in the advice on the website.
Regards, Dean _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog