
Heart Bleed + linux....

Discussion in 'General Discussion' started by Witch Doctor 01, Apr 15, 2014.

  1. Witch Doctor 01

    Witch Doctor 01 Mojo Maker

    Info to all monkeys....

    Team *****,

    As you may have heard over the past few days, a security vulnerability known as "Heartbleed" was discovered in software called OpenSSL. This software is used by over two thirds of the internet to secure communication between your computer and the servers hosting the social and ecommerce websites you visit online such as Google, Facebook, eBay and Amazon.

    As such I want to assure you that we took immediate action and have assessed the vulnerability of our systems to this bug.

    Net: We have found no evidence of any type of intrusion or exposure to this bug to ****** owned and managed systems including ****. This is primarily because this bug targets Linux based operating systems (RHEL, Ubuntu, Fedora etc.) which use OpenSSL. ****** uses Microsoft’s proprietary implementation of an OpenSSL equivalent called SecureChannel which is immune to this bug. However, as a measure of extra caution, we would recommend that you change your Windows password next time you log in and watch out for any communication from your financial institutions (banks, credit card companies etc.) regarding further action on this bug.

    If you still have any questions or concerns about this announcement, just hit the reply button to get in touch with us. We’re always more than happy to help. I am sharing some additional links that shed more light on this bug.

    http://www.rackspace.com/blog/protect-y ... erability/
  2. oldawg

    oldawg Monkey+++

    For any of the Linux gurus here. Does this mean Ubuntu 13.10 is ok? The links just confuse me further.
  3. melbo

    melbo Hunter Gatherer Administrator Founding Member

    It affects web servers that run OpenSSL to serve pages encrypted (https).
    Desktop OSes should be fine, although patches should be available regardless. On Ubuntu:
    sudo apt-get update
    sudo apt-get upgrade
    SM was patched on day zero of the discovery of the vulnerability by our security specialist.
  4. melbo

    melbo Hunter Gatherer Administrator Founding Member

  5. oldawg

    oldawg Monkey+++

    Thanks Melbo.
  6. BTPost

    BTPost Old Fart Snow Monkey Moderator

    and just a NOTE, here: Apple uses an Older Version of OpenSSL, which also does NOT contain the HeartBeat Bug, on ALL their Server Products, released to Date.... ......
  7. melbo

    melbo Hunter Gatherer Administrator Founding Member

    But all OSX and iOS systems had a different SSL vulnerability around 6 weeks ago...
  8. BTPost

    BTPost Old Fart Snow Monkey Moderator

    Yep, it was a client side bug and was patched and fixed in about 12 hours.... and only affected iOS 7.x and OSX 10.8.x - 10.9.1
    All my Servers are running OSX 10.6.8, which was not affected, and my iOS Devices were patched within 24 hours....
  9. melbo

    melbo Hunter Gatherer Administrator Founding Member

    Oh yeah, response was quick and my wife's Air and all our assorted iDevices were patched quickly.