ninjette.org - View Single Post

Alex · April 9th, 2014, 10:44 AM

I updated the OpenSSL libraries Monday night right after the Centos updates were released. I was getting a false positive once or twice soon after, but haven't seen them in more recent tests. This is a result of the scanners getting overloaded; there have been no changes on our server here since that initial update. Here's the most prominent one I've been seeing referenced:

http://filippo.io/Heartbleed/

The timing for us is pretty amazing, actually. I just created the cert over the weekend, so the time for the vulnerability to be open right up unti lthe time of the patch was only a day or two, compared to any other site that had SSL up and running before, say, this weekend.

April 9th, 2014, 10:44 AM	#2
Alex ninjette.org dude Name: 1 guess :-) Location: SF Bay Area Join Date: Jun 2008 Motorcycle(s): '13 Ninja 300 (white, the fastest color!), '13 R1200RT, '14 CRF250L, '12 TT-R125LE Posts: Too much. Blog Entries: 7	I updated the OpenSSL libraries Monday night right after the Centos updates were released. I was getting a false positive once or twice soon after, but haven't seen them in more recent tests. This is a result of the scanners getting overloaded; there have been no changes on our server here since that initial update. Here's the most prominent one I've been seeing referenced: http://filippo.io/Heartbleed/ The timing for us is pretty amazing, actually. I just created the cert over the weekend, so the time for the vulnerability to be open right up unti lthe time of the patch was only a day or two, compared to any other site that had SSL up and running before, say, this weekend. __________________________________________________ Montgomery Street Motorcycle Club / cal24.com / crf250l.org / ninjette.org ninjette.org Terms of Service Shopping for motorcycle parts or equipment? Come here first. The friendliest Ninja 250R/300/400 forum on the internet! (especially Unregistered)