Dear Amazon EC2 Customer,
The OpenSSL project has recently announced a security vulnerability in OpenSSL affecting versions 1.0.1 and 1.0.2 (CVE-2014-0160). Customers that are running Linux and are using SSL could be affected by this issue and should upgrade to a fixed version as soon as possible.
......
For more information about this vulnerability, please visit
* AWS Security Bulletin page: https://aws.amazon.com/
* OpenSSL’s official advisory: https://www.openssl.org/news/
* The Heartbleed Bug: http://heartbleed.com/
Thank you,
AWS Security
Amazon Web Services, Inc. is a subsidiary of Amazon.com, Inc. Amazon.com is a registered trademark of Amazon.com, Inc. This message was produced and distributed by Amazon Web Services Inc., 410 Terry Ave. North, Seattle, WA 98109-5210
That was the message in my inbox this morning, this following being notified by a friend in the Open Source space of this issue. One thing this tells me is that MOST of us don't know what is going on with security of our resources and how vulnerable we are to loss and compromise of data. I'm an IT professional and it's pretty tough for me to wrap my head around some things.
I remember in my earlier days of development how uncomfortable I felt using Google's Client Login to achieve what we now take for granted today by using protocols such as OAuth2 to access an end users' resources. All that being said, for 98% of the world using technologies they don't understand the potential risks and harm associated with the technology itself.
One thing is for sure, the public needs to become more actively involved in shaping regulations and standards that govern their online usage, there are various ways this can be done but one way is to find organizations that spend their time and effort researching these things such as ... wow, I really don't know of any groups... this reinforces my point...
Delton
