Heartbleed

Offline Mike Stefanik

  • Full Member
  • ***
  • Posts: 104
  • User-Rate: +10/-6
    • Catalyst Development
Heartbleed
« on: April 09, 2014, 07:52:42 PM »
For those of you using Linux, you should immediately check for any updates to OpenSSL and install them. The Heartbleed bug is a serious vulnerability in OpenSSL 1.0.1 (and later versions) that allows an attacker to read memory on the server that could contain the server's private key, usernames, passwords, etc. This doesn't affect Windows applications that use CAPI and SChannel (or the WinInet APIs); however, it would affect any software that was linked against the OpenSSL libraries on Windows.

Mike Stefanik
sockettools.com
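
An added example, not part of the original post: a shell function that classifies an OpenSSL version string against the upstream Heartbleed range (1.0.1 through 1.0.1f and 1.0.2-beta1; fixed in 1.0.1g). The function name `heartbleed_status` and its output labels are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the forum post). heartbleed_status is a
# hypothetical helper name; the labels it prints are illustrative.
#
# Usage: heartbleed_status "$(openssl version)"
#        heartbleed_status 1.0.1e
#
# Prints one of:
#   affected      upstream release that contains the Heartbleed bug
#   not-affected  branch never had the heartbeat code, or release has the fix
#   unknown       not an OpenSSL version string this function recognises
#
# Caveat: distributions backported the fix without changing the version
# letter, so "affected" means "confirm against the distro package changelog
# or the 'built on' line of `openssl version -a`", not proof of exposure.
heartbleed_status() {
    ver=$1
    # Accept a full `openssl version` line: drop the "OpenSSL " prefix,
    # then keep only the version token (everything before the first space).
    case $ver in
        "OpenSSL "*) ver=${ver#OpenSSL } ;;
    esac
    ver=${ver%% *}

    case $ver in
        # 1.0.1 and 1.0.1a..1.0.1f, including suffixed builds like 1.0.1e-fips
        1.0.1|1.0.1[abcdef]*) echo affected ;;
        # The one 1.0.2 pre-release that carried the bug
        1.0.2-beta1) echo affected ;;
        # Older branches without heartbeat support, 1.0.1g and later letters,
        # and branches released after the fix
        0.9.*|1.0.0*|1.0.1[a-z]*|1.0.2*|1.1.*|[3-9].*) echo not-affected ;;
        *) echo unknown ;;
    esac
}
```

Software that statically links or bundles its own OpenSSL copy is not covered by checking the system `openssl` binary, so each bundled library has to be checked separately.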

Offline Brice Manuel

  • Full Member
  • ***
  • Posts: 154
  • User-Rate: +0/-0
Re: Heartbleed
« Reply #1 on: April 23, 2014, 09:09:31 PM »
A bit late, but thank you for the reminder.

Offline Mike Stefanik

Re: Heartbleed
« Reply #2 on: April 23, 2014, 09:25:16 PM »
> A bit late, but thank you for the reminder.

Just to note, I had posted that on the morning of the 9th, about 24 hours after the initial public disclosure and when patches were issued for OpenSSL. I expect that most system administrators first learned about it on the afternoon of the 7th, but there was some lag between the time it was disclosed and when updates were pushed to the various repositories, etc. This was a "just in case you hadn't heard" kind of post for folks that don't regularly track security advisories.
Mike Stefanik
sockettools.com

Offline Brice Manuel

Re: Heartbleed
« Reply #3 on: April 23, 2014, 10:19:05 PM »
I meant my reply and thank you was a bit late. ;c)

I updated my main systems, but forgot all about a couple of backup systems that I use from time to time when out and about and have access to WiFi. Reading your post reminded me to update those too.

Offline Mike Stefanik

Re: Heartbleed
« Reply #4 on: April 23, 2014, 10:33:05 PM »
Ah, I was thinking "Well, it was about a day after it went public, but it really wasn't that late, was it?" and that perhaps you thought I had just posted information about it today. In any case, glad to serve as the reminder. If you were running any public servers, also keep in mind that just updating the OpenSSL libraries is only half of the equation. You'll also want to request a reissue of your certificate(s) using a new private key, just in case.

Mike Stefanik
sockettools.com

Offline Brice Manuel

Re: Heartbleed
« Reply #5 on: April 23, 2014, 10:49:00 PM »
I didn't see the thread until today, so I was merely commenting on my lateness of a thank you for the reminder.  I should have been more clear. ;c)