Info to all monkeys.... Team *****, As you may have heard over the past few days, a security vulnerability known as "Heartbleed" was discovered in software called OpenSSL. This software is used by over two thirds of the internet to secure communication between your computer and the servers hosting the social and ecommerce websites you visit online such as Google, Facebook, eBay and Amazon As such I want to assure you that we took immediate action and have assessed our vulnerability of our systems to this bug. Net: We have found no evidence of any type of intrusion or exposure to this bug to ****** owned and managed systems including ****. This is primarily because this bug targets Linux based operating systems (RHEL, uBuntu, Fedora etc.) which use OpenSSL. ****** uses Microsoft’s proprietary implementation of OpenSSL equivalent called SecureChannel which is immune to this bug. However as a measure of extra caution, we would recommend that you change your windows password next time you log in and watch out for any communication from your financial institutions (banks, credit card companies etc) regarding further action on this bug. If you still have any questions or concerns about this announcement, just hit the reply button to get in touch with us. We’re always more than happy to help. I am sharing some additional links that shed more light on this bug. http://www.rackspace.com/blog/protect-y ... erability/ http://heartbleed.com
For any of the linux gurus here. Does this mean ubuntu 13.10 is ok? The links just confuse me further.
It affects web servers that run OpenSSL to serve pages encrypted (https) Desktop OS's should be fine although patches should be available regardless. On ubuntu: Code: sudo apt-get update sudo apt-get upgrade SM was patched on day zero of the discovery of the vulnerability by our security specialist
To clarify, SM is not running SSL/TLS (https) yet but we are ready to make the switch so that all SM links become https instead of http ; giving you that little padlock in your browser which means that all traffic between you and the SM server is encrypted. We're also looking into a few other methods for security: Why the Web Needs Perfect Forward Secrecy More Than Ever | Electronic Frontier Foundation
and just a NOTE, here: Apple uses an Older Version of OpenSSL, which also does NOT contain the HeartBeat Bug, on ALL their Server Products, released to Date.... ......
Yep, it was a client side bug and was patched and fixed in about 12 hours.... and only effected IOS 7.x and OSX 10.8.x - 10.9.1 All my Servers are running OSX 10.6.8, which was not effected, and my IOS Devices were patched within 24 hours....
