Re: [WebDNA] [ot-security] Heartbleed bug

This WebDNA talk-list message is from 2014. It keeps the original formatting.
Worth noting that it doesn't affect OpenSSL versions prior to 1.0.1:
http://threatpost.com/openssl-fixes-tls-vulnerability/105300

Check your version from command line:
openssl version

And as for not knowing if you've been hacked, unless the hacker went to great lengths to cover their tracks, as long as you have a good baseline knowledge of what goes on in your server(s) and you monitor them regularly then you can reasonably deduce (not 100% of course) that an intrusion occurred:
http://pen-testing.sans.org/resources/downloads

But good admins already know this ;-)

-Dan Strong
http://DanStrong.com

On Wed, Apr 9, 2014 at 10:40 AM, Donovan Brooke <dbrooke@webdna.us> wrote:

> webdna'ers,
>
> This is just a courtesy notice about a significant bug going around, which
> was brought to my attention by Christophe yesterday.
>
> You can read about it on the net: "heartbleed bug"
>
> You can test your server here: http://filippo.io/Heartbleed/
>
> It apparently affects openssl 1.0.1 through 1.0.1f
>
> You can fix it by:
>
> ##Ubuntu 12.04:-------------------
> aptitude update
> aptitude safe-upgrade
>
> then check your openssl build date:
> openssl version -b
>
> output s/b: 'built on: Mon Apr 7 20:33:29 UTC 2014'
> -----------------------------------------------------
>
> ##CentOS 6.5:-------------------
> do a 'yum update'
>
> then check your openssl:
> rpm -q openssl
>
> The output should be:
> openssl-1.0.1e-16.el6_5.7.i686
> -----------------------------------------------------
>
> Lastly, it's a good idea to change your passwords, as there is no way that
> I have heard of that an admin can tell if you've been hacked.
>
> Sincerely,
> Donovan
>
> ---------------------------------------------------------
> This message is sent to you because you are subscribed to
> the mailing list <talk@webdna.us>.
> To unsubscribe, E-mail to: <talk-leave@webdna.us>
> archives: http://mail.webdna.us/list/talk@webdna.us
> Bug Reporting: support@webdna.us
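
Added example, not part of the original e-mails: the fixed CentOS package quoted above is still named 1.0.1e, which sits inside the "1.0.1 through 1.0.1f" range, so the upstream version string alone cannot confirm a distro fix. This sketch classifies `openssl version` and `rpm -q openssl` output offline; the function names and result labels are made up for illustration, and the sample strings are constructed.

```shell
#!/bin/sh
# Added example: classify version strings offline. Function names are made up.

# "OpenSSL 1.0.1e-fips 11 Feb 2013" -> 1.0.1e (empty if unparsable)
parse_openssl_version() {
    printf '%s\n' "$1" | sed -n 's/^OpenSSL \([0-9][0-9a-z.]*\).*/\1/p'
}

# Range quoted in the thread: 1.0.1 through 1.0.1f.
upstream_in_range() {
    case "$1" in
        1.0.1|1.0.1[a-f]) echo in-range ;;
        *) echo out-of-range ;;
    esac
}

# Compare a CentOS 6.5 "rpm -q openssl" line with the release named in the
# thread (1.0.1e-16.el6_5.7). Anything not shaped like that is "unknown".
el6_pkg_status() {
    rel=$(printf '%s\n' "$1" |
        sed -n 's/^openssl-1\.0\.1e-\([0-9][0-9]*\)\.el6_5\.\([0-9][0-9]*\)\..*/\1 \2/p')
    [ -n "$rel" ] || { echo unknown; return 0; }
    set -- $rel
    if [ "$1" -gt 16 ] || { [ "$1" -eq 16 ] && [ "$2" -ge 7 ]; }; then
        echo at-or-newer
    else
        echo older
    fi
}

# assess "<openssl version output>" "<rpm -q openssl output or empty>"
assess() {
    v=$(parse_openssl_version "$1")
    [ -n "$v" ] || { echo unparsed; return 0; }
    if [ "$(upstream_in_range "$v")" = out-of-range ]; then
        echo not-in-range; return 0
    fi
    case $(el6_pkg_status "$2") in
        at-or-newer) echo in-range-but-distro-patched ;;
        older)       echo in-range-update-needed ;;
        *)           echo in-range-verify-package-build ;;
    esac
}

# Constructed sample inputs (the package name is the one quoted in the thread).
assess "OpenSSL 1.0.1e-fips 11 Feb 2013" "openssl-1.0.1e-16.el6_5.7.i686"
assess "OpenSSL 1.0.1e-fips 11 Feb 2013" "openssl-1.0.1e-16.el6_5.4.i686"
assess "OpenSSL 1.0.1 14 Mar 2012" ""
assess "OpenSSL 0.9.8y 5 Feb 2013" ""
```
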
Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] [ot-security] Heartbleed bug (Stuart Tremain 2014)
  2. Re: [WebDNA] [ot-security] Heartbleed bug (Dan Strong 2014)
  3. Re: [WebDNA] [ot-security] Heartbleed bug (Dan Strong 2014)
  4. [WebDNA] [ot-security] Heartbleed bug (Donovan Brooke 2014)
