[kwlug-disc] Heartbleed affected sites

Bob Jonkman bjonkman at sobac.com
Fri Apr 11 15:26:11 EDT 2014


If you're using a tool to check for Heartbleed vulnerabilities, be
sure to check the Web interface on your router and/or modem as well.

I'm not sure if router vendors are on top of this, but according to
ssltest.py my Tomato/MLPPP Version 1.25-mp3alpha6 (from
http://fixppp.org ) is not vulnerable, nor my Thomson Speedtouch modem
with firmware 6.1.0.5.

Also, somebody asked me how safe these vulnerability checking tools
are, especially the online and JavaScript-based ones. What's to say
they're not merely displaying "all is well", and actually compiling a
list of vulnerable sites for later exploitation?

--Bob.


On 14-04-08 12:06 PM, Khalid Baheyeldin wrote:
> You can use this Python tool ssltest.py to check if your servers
> are vulnerable:
>
> $ wget -O ssltest.py "http://pastebin.com/raw.php?i=WmxzjkXJ"
> $ python ssltest.py example.com


On 14-04-11 10:51 AM, CrankyOldBugger wrote:
> Mashable has a list going of sites affected by Heartbleed:
> 
> http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/
> 
> Don't forget to add Canada Revenue (and most other government 
> sites) to your list of passwords to change!



Bob Jonkman <bjonkman at sobac.com>          Phone: +1-519-669-0388
SOBAC Microcomputer Services             http://sobac.com/sobac/
http://bob.jonkman.ca/blogs/    http://sn.jonkman.ca/bobjonkman/
Software   ---   Office & Business Automation   ---   Consulting
GnuPG Fngrprnt:04F7 742B 8F54 C40A E115 26C2 B912 89B0 D2CC E5EA
