Sorry - my answer was unclear - you will see the bug in anything that uses
the TLS implementation in OpenSSL. I said https because it seemed like
(maybe I misunderstood) Nik was asking about http. Admittedly I was tired
when I replied; in retrospect I should have waited :)
So if SPDY uses TLS with
Nope, works also on other protocols like IMAPS.
On 08.04.2014 15:30, Chris Schmidt wrote:
> The bug is in the TLS implementation in OpenSSL, you will only see it on
> https
>
> Sent from my iPhone
>
>> On Apr 8, 2014, at 4:43 AM, "Nik Mitev" wrote:
>>
>> I used the tool Kirils linked (http:/
On Tue, Apr 08, 2014 at 01:30:11PM +, Chris Schmidt wrote:
> The bug is in the TLS implementation in OpenSSL, you will only see it on https
Not true, e.g. SMTP servers that support STARTTLS are also affected.
On 08/04/2014 13:59, Jann Horn wrote:
On Tue, Apr 08, 2014 at 10:23:26AM +0200, Joerg Mertin wrote:
Ubuntu already has released:
http://www.ubuntu.com/usn/usn-2165-1/
My server updated during the night :}
Make sure that it actually worked! I did this after updating my debian server:
root@
Downgraded and tested again.
Testing Tor with ssltest.py shows successful SSL connection and no
response to the heartbeat request, reports not vulnerable.
Testing OpenVPN - TCP connection OK, SSL connection fails, server
reports MTU discrepancy. Complaining that a 277 byte frame does not have
a len
Even if your systems were patched an attacker could have already attained
the secrets.
Certs and other sensitive information need to be reconsidered for
replacement or changed
On Apr 8, 2014 8:00 AM, "Jann Horn" wrote:
> On Tue, Apr 08, 2014 at 10:23:26AM +0200, Joerg Mertin wrote:
> > Ubuntu a
How about this one?
http://filippo.io/Heartbleed/
On Tue, Apr 8, 2014 at 8:59 AM, Jann Horn wrote:
> On Tue, Apr 08, 2014 at 10:23:26AM +0200, Joerg Mertin wrote:
> > Ubuntu already has released:
> > http://www.ubuntu.com/usn/usn-2165-1/
> >
> > My server updated during the night :}
>
> Make s
I'm curious if anyone has noticed issues connecting to remote hosts after
installing the RHEL/CentOS patch?
For example, the CyberSource payment gateway is no longer accessible from a
patched server. The gateway has the URL
https://ics2ws.ic3.com/commerce/1.x/transactionProcessor. Before the pat
Watching #HeartBleed on Twitter is full of popcorn.gif
Oh, and here's something fun:
https://github.com/musalbas/heartbleed-masstest
On Mon, Apr 7, 2014 at 8:10 PM, Kirils Solovjovs <
kirils.solovj...@kirils.com> wrote:
> We are doomed.
>
> Description: http://www.openssl.org/news/vulnerabiliti
The bug is in the TLS implementation in OpenSSL, you will only see it on https
Sent from my iPhone
> On Apr 8, 2014, at 4:43 AM, "Nik Mitev" wrote:
>
> I used the tool Kirils linked (http://possible.lv/tools/hb/) and my
> unpatched servers running a Tor node or an Openvpn server returned
> cor
On Tue, Apr 08, 2014 at 10:23:26AM +0200, Joerg Mertin wrote:
> Ubuntu already has released:
> http://www.ubuntu.com/usn/usn-2165-1/
>
> My server updated during the night :}
Make sure that it actually worked! I did this after updating my debian server:
root@thejh:/home/jann# for pid in $(grep -
I used the tool Kirils linked (http://possible.lv/tools/hb/) and my
unpatched servers running a Tor node or an Openvpn server returned
correct (old) version of openssl but not vulnerable.
Is it the bug or the tool that seems to be limited to https I wonder?
Patched now so can't test with this tool
Ubuntu already has released:
http://www.ubuntu.com/usn/usn-2165-1/
My server updated during the night :}
On Monday 07 April 2014 23:09:58 David H wrote:
> RHEL update just released, hopefully CentOS soon:
> https://rhn.redhat.com/errata/RHSA-2014-0376.html
>
>
> On Mon, Apr 7, 2014 at 8:10 PM,
This seems to be the best test so far:
http://s3.jspenguin.org/ssltest.py
Other tests false-positive on patched versions from what I can see.
On 8 April 2014 01:10, Kirils Solovjovs wrote:
> We are doomed.
>
> Description: http://www.openssl.org/news/vulnerabilities.html
> Article dedicated t
Document Title:
===
Bluetooth Text Chat v1.0 iOS - Code Execution Vulnerability
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1250
Release Date:
=
2014-04-07
Vulnerability Laboratory ID (VL-ID):
==
RHEL update just released, hopefully CentOS soon:
https://rhn.redhat.com/errata/RHSA-2014-0376.html
On Mon, Apr 7, 2014 at 8:10 PM, Kirils Solovjovs <
kirils.solovj...@kirils.com> wrote:
> We are doomed.
>
> Description: http://www.openssl.org/news/vulnerabilities.html
> Article dedicated to the