Forum OpenACS Q&A: Re: https is down
12: Re: https is down (response to 8)
Posted by Andrew Piskorski on 09/18/03 07:24 PM
Andrew S., where did you find that info about "RSA blinding"? Oh, it was here, from April, and the original 17 March advisory. It would be nice to know how serious a security vulnerability this really is. From the discussion in Vulnerability Note VU#997481, I suspect it is pretty low risk for most web servers on the Internet. Various googles show a lot of info from back in March.
[grumble grumble] My fairly uninformed take on this is that some of these rushed-in security patches are not all that well thought out. Breaking thread-safety by default in a security patch to a formerly thread-safe library strikes me as really obnoxious.