[kwlug-disc] Heartbleed affected sites

Bob Jonkman bjonkman at sobac.com
Fri Apr 11 17:35:01 EDT 2014


unsolicited also wrote:
> The bug was introduced 2 years ago, but it's not known to have been
> exploited, from anything I've seen, which doesn't say much.

Just in the last two days I've been seeing an extraordinary amount of
bad SSL traffic on my mail server. So, even if Heartbleed wasn't
exploited before, it's sure being exploited now.

By "bad SSL traffic" I mean SSL connection requests that disconnect
immediately or time out without initiating any kind of SMTP
transaction. I haven't noticed an increase in bad non-SSL traffic.

--Bob.



On 14-04-11 05:24 PM, unsolicited wrote:
> Wow!
> 
> THAT'S NEWS!
> 
> You'd think that would be making the top of the headlines
> everywhere, and stay there.
> 
> But ... never mind ... they're from the government, and they're
> here to help us ...
> 
> 
> On 14-04-11 04:30 PM, CrankyOldBugger wrote:
>> Well, try not to be surprised, but apparently the NSA has been 
>> exploiting this bug for two years now:
>> 
>> http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html
>>
>> But yes, the media is doing a wonderful job of convincing people that
>> this issue is far bigger than it really is.
>> 
>> 
>> 
>> On 11 April 2014 16:24, unsolicited <unsolicited at swiz.ca> wrote:
>> 
>> Why?
>> 
>> The bug was introduced 2 years ago, but it's not known to have
>> been exploited, from anything I've seen, which doesn't say much.
>> 
>> Nefarious activity in the wild is monitored by various
>> organizations to whatever extent it is, and the issue was not
>> discovered / reported by them, as far as I know.
>> 
>> From what I saw a 64k chunk of memory is potentially exposed in
>> an ssh server to someone if they were exploiting it, for which we
>> don't know they were. (Or even aware it was possible.)
>> 
>> Doesn't mean there was anything useful in that 64k chunk. Which
>> they would then have to decipher in the sense of figuring out if
>> there is anything useful, and that usefulness has to extend to
>> being able to do something with it.
>> 
>> Without any knowledge one way or the other, I assume CRA is shut 
>> down not because there's an issue going forward (problem easily 
>> patched, now), but because they don't know what might have
>> happened during or within. Short of checksumming every system, I
>> don't know how they might prove one way or another. But someone
>> higher up is probably requiring due diligence on something that
>> can't be proven.
>> 
>> I do wonder if 'change your password' isn't FUD, promoted for
>> trying to give users the sense that they're in control of their
>> own security, and that changing their password will let them be 
>> proactive and 'solve the problem'.
>> 
>> There's a lot of 'ifs' to the chain of events above before you
>> have certainty of impact. And a lot of other risks (especially
>> human error) out there that are quite probably more likely to
>> happen and impact you than this one. No, I don't know what they
>> are, either. But I also haven't seen any impact.
>> 
>> It's a lot of work to change all the passwords, let alone for
>> some time afterwards trying to remember what you changed them
>> to.
>> 
>> Not sure it's worth the effort in the absence of any detected 
>> impact. Hard to say it's not just fear mongering. Certainly some
>> media I've seen running around with their heads cut off
>> demonstrate a deep misunderstanding of things, yet their heads
>> are still talking.
>> 
>> 
>> On 14-04-11 10:51 AM, CrankyOldBugger wrote:
>> 
>> Mashable has a list going of sites affected by Heartbleed:
>> 
>> 
>> http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/
>>
>> Don't forget to add Canada Revenue (and most other government
>> sites) to your list of passwords to change!
>> 
>> 
>> 
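The "bad SSL traffic" pattern described in the reply at the top of this message (connections that drop or time out at the TLS stage without any SMTP transaction) can be counted per day and per client from mail logs. This is an added example, not part of the original post: it assumes Postfix-style smtpd syslog lines, which the post does not specify, and the function name and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in Postfix smtpd syslog style (assumption: the post
# does not name the mail server). Addresses are from documentation ranges.
SAMPLE_LOG = """\
Apr 10 03:12:01 mx postfix/smtpd[2101]: connect from unknown[203.0.113.7]
Apr 10 03:12:01 mx postfix/smtpd[2101]: SSL_accept error from unknown[203.0.113.7]: lost connection
Apr 10 03:12:01 mx postfix/smtpd[2101]: lost connection after CONNECT from unknown[203.0.113.7]
Apr 10 03:12:01 mx postfix/smtpd[2101]: disconnect from unknown[203.0.113.7]
Apr 10 03:15:40 mx postfix/smtpd[2102]: connect from mail.example.org[198.51.100.20]
Apr 10 03:15:41 mx postfix/smtpd[2102]: 3A1F2C0D: client=mail.example.org[198.51.100.20]
Apr 10 03:15:42 mx postfix/smtpd[2102]: disconnect from mail.example.org[198.51.100.20]
Apr 11 09:30:10 mx postfix/smtpd[2200]: connect from unknown[203.0.113.7]
Apr 11 09:35:10 mx postfix/smtpd[2200]: timeout after CONNECT from unknown[203.0.113.7]
Apr 11 09:35:10 mx postfix/smtpd[2200]: disconnect from unknown[203.0.113.7]
Apr 11 09:40:00 mx postfix/smtpd[2201]: connect from unknown[192.0.2.55]
Apr 11 09:40:00 mx postfix/smtpd[2201]: lost connection after STARTTLS from unknown[192.0.2.55]
Apr 11 09:40:00 mx postfix/smtpd[2201]: disconnect from unknown[192.0.2.55]
"""

LINE = re.compile(r"^(\w{3}\s+\d+) \S+ \S+ postfix/smtpd\[(\d+)\]: (.*)$")
CONNECT = re.compile(r"^connect from \S*\[([^\]]+)\]")
# Session ended during the TLS handshake (implicit TLS or right after STARTTLS).
TLS_FAIL = re.compile(r"^(SSL_accept error from|(lost connection|timeout) after (CONNECT|STARTTLS) from)")
TRANSACTION = re.compile(r"^[0-9A-F]+: client=")  # a queue ID means mail was accepted

def bad_tls_sessions(log_text):
    """Count sessions that failed at the TLS stage and never started a mail transaction."""
    sessions, per_day, per_ip = {}, Counter(), Counter()
    for m in filter(None, map(LINE.match, log_text.splitlines())):
        day, pid, msg = m.groups()
        c = CONNECT.match(msg)
        if c:  # one smtpd process serves one client at a time, so key on its pid
            sessions[pid] = {"day": day, "ip": c.group(1), "bad": False, "mail": False}
        elif pid in sessions:
            s = sessions[pid]
            if TLS_FAIL.match(msg):
                s["bad"] = True  # several failure lines still count as one session
            elif TRANSACTION.match(msg):
                s["mail"] = True
            elif msg.startswith("disconnect from"):
                del sessions[pid]
                if s["bad"] and not s["mail"]:
                    per_day[s["day"]] += 1
                    per_ip[s["ip"]] += 1
    return per_day, per_ip
```

A jump in the per-day count against earlier days is the signal the reply describes; the counts alone do not show what the clients were attempting.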



