[kwlug-disc] Heartbleed affected sites

John Johnson jvj at golden.net
Fri Apr 11 16:00:21 EDT 2014


This morning the CBC mentioned that some "hardware" is affected by the 
Heartbleed issue.
If the CBC knows, I am sure that you can rest assured that the vendors 
know as well.
Whether or not they "are on top of it" is anyone's guess.

JohnJ


On 2014-04-11 15:26, Bob Jonkman wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> If you're using a tool to check for Heartbleed vulnerabilities, be
> sure to check the Web interface on your router and/or modem as well.
>
> I'm not sure if router vendors are on top of this, but according to
> ssltest.py my Tomato/MLPPP Version 1.25-mp3alpha6 (from
> http://fixppp.org ) is not vulnerable, nor my Thomson Speedtouch modem
> with firmware 6.1.0.5
>
> Also, somebody asked me how safe these vulnerability checking tools
> are, especially the online and Javascript-based ones. What's to say
> they're not merely displaying "all is well", and actually compiling a
> list of vulnerable sites for later exploitation?
>
> - --Bob.
>
>
> On 14-04-08 12:06 PM, Khalid Baheyeldin wrote:>
>    
>> You can use this python tool ssltest.py to check if your servers
>> are vulnerable:
>>
>> $ wget -O ssltest.py "http://pastebin.com/raw.php?i=WmxzjkXJ" $
>> python ssltest.py example.com
>>      
>
> On 14-04-11 10:51 AM, CrankyOldBugger wrote:
>    
>> Mashable has a list going of sites affected by Heartbleed:
>>
>> http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/
>>
>> Don't forget to add Canada Revenue (and most other government
>> sites) to your list of passwords to change!
>>      
>
>
> Bob Jonkman<bjonkman at sobac.com>           Phone: +1-519-669-0388
> SOBAC Microcomputer Services             http://sobac.com/sobac/
> http://bob.jonkman.ca/blogs/    http://sn.jonkman.ca/bobjonkman/
> Software   ---   Office&  Business Automation   ---   Consulting
> GnuPG Fngrprnt:04F7 742B 8F54 C40A E115 26C2 B912 89B0 D2CC E5EA
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.14 (GNU/Linux)
> Comment: Ensure confidentiality, authenticity, non-repudiability
>
> iEYEARECAAYFAlNIQdEACgkQuRKJsNLM5epRdwCg2lOb8IU+MasK5tbnLKueZNcf
> KEoAoNhd+K0k9s0y4zKqtof8iYTxxOHY
> =Sm+H
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>
>
> -----
>
> Checked by AVG - www.avg.com
> Version: 2014.0.4355 / Virus Database: 3882/7329 - Release Date: 04/10/14
>
>
>    

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20140411/ece3e55d/attachment-0001.html>


More information about the kwlug-disc mailing list