[kwlug-disc] Heartbleed OpenSSL bug

Khalid Baheyeldin kb at 2bits.com
Tue Apr 8 12:06:42 EDT 2014


The Ubuntu fix for this came out yesterday.

You can use this python tool ssltest.py to check if your servers are
vulnerable:

$ wget -O ssltest.py "http://pastebin.com/raw.php?i=WmxzjkXJ"
$ python ssltest.py example.com



On Tue, Apr 8, 2014 at 11:54 AM, Adam Glauser <adamglauser at gmail.com> wrote:

> On Tue, Apr 8, 2014 at 11:40 AM, L.D. Paniak <ldpaniak at fourpisolutions.com
> > wrote:
>
>> As many of you already know, there is a critical flaw in OpenSSL
>> versions 1.0.1-1.0.1f (and 1.0.2beta) which allows for attackers to
>> access server (and client) memory.
>
>
> Regarding client software:
> You can check Cygwin systems as follows: `cygcheck -l | grep cygssl`
> Firefox and Chrome/Chromium use NSS instead of OpenSSL, so are not
> vulnerable.
>
> Also, there is a command-line tester tool you can use to check your sites.
> [1] There is also a web tester at http://filippo.io/Heartbleed/, though
> it seems to be having load problems (surprise!).
>
> Does anyone know if Android apps typically provide their own SSL
> implementation? That is, does each app need updating?
>
> [1] https://github.com/FiloSottile/Heartbleed
>
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>
>


-- 
Khalid M. Baheyeldin
2bits.com, Inc.
Fast Reliable Drupal
Drupal optimization, development, customization and consulting.
Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
Simplicity is the ultimate sophistication. --   Leonardo da Vinci
For every complex problem, there is an answer that is clear, simple, and
wrong." -- H.L. Mencken
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20140408/890f358b/attachment.html>


More information about the kwlug-disc mailing list