= OpenSSL Vulnerability Discovered = '''Header only for email section''' Dear May First/People Link members, We are sending this message to all members due to an unusual security problem. '''End of Header for email section''' This week, a security problem was discovered in the Debian operating system that affects May First/People Link servers. We are in the process of updating all of servers to ensure that are not vulnerable. As a result of our updates, some users may experience error messages that you did not see before. == Who is affected? == The ''only'' members who will be affected are members that: * Use [wiki:sftp Secure FTP] or [wiki:secure_shell secure shell (ssh)] to connect to either `malcolm.mayfirst.org` or `mandela.mayfirst.org` (`viewsic.mayfirst.org` and `chavez.mayfirst.org` are not affected). * Use our offsite backup system == Secure Shell/Secure FTP users == If you use Secure FTP or secure shell, you will get a message indicating that the host key has changed along the lines of: WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! Please see our [wiki:ssl_host_key_changed host key changed] help file to avoid getting that message in the future. If you are using our offsite backup system - you will also get the [wiki:ssl_host_key_changed host key changed error] - but it will happen during your automated backup process, causing your automated backup to fail until you follow the directions and import the proper new host key. == More Information == Host keys are random bits of text that are unique to every server. The randomness of the keys allows us to have a secure, encrypted connection between you and the server. Due to a bug in the software used to generate our host keys, they were not generated in a way that was random enough. In other words, the range of bits used to create the keys was limited to a guessable number. To fix the problem, we had to re-generated all the affected keys. Please see the [http://wiki.debian.org/SSLkeys Debian wiki page] for a full explanation of the security problem.