csmith12
April 9th, 2014, 09:28 AM
Alex - I just got a warning about the heartbleed SSL bug on ninjette.org. Can you verify or is it a false positive?
View Full Version : Heartbleed SSL Bug csmith12 April 9th, 2014, 09:28 AM Alex - I just got a warning about the heartbleed SSL bug on ninjette.org. Can you verify or is it a false positive? Alex April 9th, 2014, 10:44 AM I updated the OpenSSL libraries Monday night right after the Centos updates were released. I was getting a false positive once or twice soon after, but haven't seen them in more recent tests. This is a result of the scanners getting overloaded; there have been no changes on our server here since that initial update. Here's the most prominent one I've been seeing referenced: http://filippo.io/Heartbleed/ The timing for us is pretty amazing, actually. I just created the cert over the weekend, so the time for the vulnerability to be open right up unti lthe time of the patch was only a day or two, compared to any other site that had SSL up and running before, say, this weekend. :) csmith12 April 9th, 2014, 10:51 AM I figgered it might have been a false positive, as it seemed a bit random in nature. No harm in checking though. Alex April 9th, 2014, 11:16 AM Some useful links if people are interested in this high-profile security topic: http://lifehacker.com/what-the-heartbleed-security-bug-means-for-you-1560801201 http://www.zdnet.com/heartbleed-serious-openssl-zero-day-vulnerability-revealed-7000028166/ http://www.zdnet.com/heartbleed-security-patches-coming-fast-and-furious-7000028216/ http://www.thewire.com/technology/2014/04/what-you-need-to-know-about-heartbleed-the-new-security-bug-scaring-the-internet/360366/ https://www.schneier.com/blog/archives/2014/04/heartbleed.html Alex April 9th, 2014, 11:26 AM http://imgs.xkcd.com/comics/heartbleed.png (from http://xkcd.com/1353/) Ninjinsky April 9th, 2014, 12:20 PM Is this it ? https://www.ninjette.org/forums/images/styles/desert_green/attach/jpg.gif csmith12 April 9th, 2014, 12:28 PM Naw, I could connect. I am a developer by trade so I have some extra security tools installed and it flagged the SSL cert. I don't "think" the problems are related but who knows. |
|