<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Tue, Apr 8, 2014 at 11:40 AM, L.D. Paniak <span dir="ltr">&lt;<a href="mailto:ldpaniak@fourpisolutions.com" target="_blank">ldpaniak@fourpisolutions.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">As many of you already know, there is a critical flaw in OpenSSL<br>
versions 1.0.1-1.0.1f (and 1.0.2beta) which allows for attackers to<br>
access server (and client) memory.</blockquote><div><br></div><div>Regarding client software:</div><div>You can check Cygwin systems as follows: `cygcheck -l | grep cygssl`</div><div>Firefox and Chrome/Chromium use NSS instead of OpenSSL, so are not vulnerable.</div>
<div><br></div><div>Also, there is a command-line tester tool you can use to check your sites. [1] There is also a web tester at <a href="http://filippo.io/Heartbleed/">http://filippo.io/Heartbleed/</a>, though it seems to be having load problems (surprise!).</div>
<div><br></div><div>Does anyone know if Android apps typically provide their own SSL implementation? That is, does each app need updating?<br></div><div><br></div><div>[1] <a href="https://github.com/FiloSottile/Heartbleed">https://github.com/FiloSottile/Heartbleed</a> </div>
</div></div></div>