[kwlug-disc] Heartbleed OpenSSL bug

Adam Glauser adamglauser at gmail.com
Tue Apr 8 11:54:03 EDT 2014


On Tue, Apr 8, 2014 at 11:40 AM, L.D. Paniak <ldpaniak at fourpisolutions.com> wrote:

> As many of you already know, there is a critical flaw in OpenSSL
> versions 1.0.1-1.0.1f (and 1.0.2beta) which allows for attackers to
> access server (and client) memory.


Regarding client software:
You can check Cygwin systems as follows: `cygcheck -l | grep cygssl`
Firefox and Chrome/Chromium use NSS instead of OpenSSL, so are not
vulnerable.

Also, there is a command-line tester tool you can use to check your sites.
[1] There is also a web tester at http://filippo.io/Heartbleed/, though it
seems to be having load problems (surprise!).

Does anyone know if Android apps typically provide their own SSL
implementation? That is, does each app need updating?

[1] https://github.com/FiloSottile/Heartbleed
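
The affected range quoted above (1.0.1 through 1.0.1f, plus the 1.0.2 beta), turned into a check over `openssl version` banners. This is an added example, not part of the original message; the function name `heartbleed_range` and the sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an OpenSSL version banner against the affected
# range quoted in this thread (1.0.1 through 1.0.1f, and the 1.0.2 beta).

# heartbleed_range BANNER
# Prints "in-range", "out-of-range" or "unknown".
heartbleed_range() {
    # Accept a full banner ("OpenSSL 1.0.1e 11 Feb 2013") or a bare version.
    ver=$(printf '%s\n' "$1" |
        awk '{ v = ($1 == "OpenSSL") ? $2 : $1; print v; exit }')
    # Some builds append "-fips" to the version (e.g. "1.0.1e-fips").
    ver=${ver%-fips}
    case "$ver" in
        # 1.0.1 with no letter, or letters a through f.
        1.0.1|1.0.1[abcdef])  echo "in-range" ;;
        # The thread says only "1.0.2beta"; treating every 1.0.2 beta as
        # in range is an assumption of this example.
        1.0.2-beta*)          echo "in-range" ;;
        # Anything else that looks like a version number (0.9.8y, 1.0.1g).
        [0-9]*.[0-9]*.[0-9]*) echo "out-of-range" ;;
        # Empty input, error text, or a banner from another library.
        *)                    echo "unknown" ;;
    esac
}

# Constructed sample banners, one per line.
samples='OpenSSL 1.0.1e 11 Feb 2013
OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL 1.0.1g 7 Apr 2014
OpenSSL 0.9.8y 5 Feb 2013
OpenSSL 1.0.2-beta1 24 Feb 2014
openssl: command not found'

printf '%s\n' "$samples" | while IFS= read -r banner; do
    printf '%-14s %s\n' "$(heartbleed_range "$banner")" "$banner"
done
```

To check a live system, pass it the real banner: `heartbleed_range "$(openssl version)"`. Distribution packages can carry a backported fix under an unchanged upstream version string, so treat "in-range" as a prompt to check the package changelog rather than as proof of exposure.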