[kwlug-disc] Heartbleed affected sites
unsolicited at swiz.ca
Fri Apr 11 16:24:37 EDT 2014
The bug was introduced 2 years ago, but its not known to have been
exploited, from anything I've seen, which doesn't say much.
Nefarious activity in the wild is monitored by various organizations to
whatever extent it is, and the issue was not discovered / reported by
them, as far as I know.
From what I saw a 64k chunk of memory is potentially exposed in an ssh
server to someone if they were exploiting it, for which we don't know
they were. (Or even aware it was possible.)
Doesn't mean there was anything useful in that 64k chunk. Which they
would then have to decipher in the sense of figuring out if there is
anything useful, and that usefulness has to extend to being able to do
something with it.
Without any knowledge one way or the other, I assume CRA is shut down
not because there's an issue going forward (problem easily patched,
now), but because they don't know what might have happened during or
within. Short of checksumming every system, I don't know how they might
prove one way or another. But someone higher up is probably requiring
due diligence on something that can't be proven.
I do wonder if 'change your password' isn't FUD, promoted for trying to
give users the sense that they're in control of their own security, and
that changing their password will let them be proactive and 'solve the
There's a lot if 'ifs' to the chain of events above before you have
certainty of impact. And a lot of other risks (especially human error)
out there that are quite probably more likely to happen and impact you
than this one. No, I don't know what they are, either. But I also
haven't seen any impact.
It's a lot of work to change all the passwords, let alone for some time
afterwards trying to remember what you changed them to.
Not sure it's worth the effort in the absence of any detected impact.
Hard to say its not just fear mongering. Certainly some media I've seen
running around with their heads cut off demonstrate a deep
misunderstanding of things, yet their heads are still talking.
On 14-04-11 10:51 AM, CrankyOldBugger wrote:
> Mashable has a list going of sites affected by Heartbleed:
> Don't forget to add Canada Revenue (and most other government sites) to
> your list of passwords to change!
More information about the kwlug-disc