Wizard
Heard about this over the past few days? Apparently, all the secure websites (Banking, Auction/Paypal, email, etc) we've all been using safely with the knowledge that https (little padlock icon) is a secure site, is wrong!
What the "Heartbleed" Security Bug Means For You
YarnMaster
SubscriberSome of the Australian major banks and other financial institutions (PayPal) have reportedly come out and said they are not affected, one actually confirming they do not use 'open SSL'.
Have Australian websites staunched "catastrophic" Heartbleed risk?
2024 RRS on the road
2011 D4 3.0 in the drive way
1999 D2 V8, in heaven
1984 RRC, in hell
Swaggie
Interesting reading about a headache for the cyber security people.
The Heartbleed Bug: Are you at risk?
Diagnosis of the OpenSSL Heartbleed Bug
It's hell for a lot of IT people - I know one of our work servers is offline until I have time to update OpenSSL (of course, it doesn't like me and doesn't want to update) - the majority of IT Sys Admins I know are having a hell of a time with it!
Swaggie
Wizard
Oddly, this only affects systems running openssl, usually Linux\BSD type operating systems and a great deal of open source software runs it too.
Those who use Windows Server and MSSSL are fine, of course if you are running a Linux VM in your win server, watch out.
Very Very Lucky!
what about http://www.aulro.com/ is it affected like Yahoo, Google, Facebook........
SysAdmin (Owner)
Is fineOriginally Posted by weakestlink
It only affects certain versiobs of openssl not all btw
2007 Discovery 3 SE7 TDV6 2.7
2012 SZ Territory TX 2.7 TDCi
"Make the lie big, make it simple, keep saying it, and eventually they will believe it." -- a warning from Adolf Hitler
"If you don't have a sense of humour, you probably don't have any sense at all!" -- a wise observation by someone else
'If everyone colludes in believing that war is the norm, nobody will recognize the imperative of peace." -- Anne Deveson
“What you leave behind is not what is engraved in stone monuments, but what is woven into the lives of others.” - Pericles
"We can ignore reality, but we cannot ignore the consequences of ignoring reality.” – Ayn Rand
"The happiness of your life depends upon the quality of your thoughts." Marcus Aurelius
Master
All our serious production servers are Red Hat, and use openSSL -
HOWEVER its only the very latest open SSL that has the issue. The nature of Red Hat being older stable versions software means all of our servers are running the older unaffected version.
The first affected version shipped with RHEL 6.5 (RHEL 6.4 and older shipped with the unaffected openssl-1.0.0 series). Systems which report as RHEL 6.0 - 6.3 could still have been updated to a newer [vulnerable] openssl-1.0.1 series package.
Luckily for me, I had not patched to the newer affected version.
Posting Permissions
| Search AULRO.com ONLY! |
Search All the Web! |
|---|
|
|
|
Reply With Quote
Bookmarks