Worth noting that it doesn't affect OpenSSL versions prior to 1.0.1:

Check your version from command line:

openssl version

And as for not knowing if you've been hacked, unless the hacker went to great lengths to cover their tracks, as long as you have a good baseline knowledge of what goes on in your server(s) and you monitor them regularly then you can reasonably deduce (not 100% of course) that an intrusion occurred:

But good admins already know this ;-)

-Dan Strong

On Wed, Apr 9, 2014 at 10:40 AM, Donovan Brooke <dbrooke@webdna.us> wrote:
webdna'ers,
This is just a courtesy notice about a significant bug going around, which was brought to my attention by Christophe yesterday.
You can read about it on the net: "heartbleed bug"
You can test your server here: http://filippo.io/Heartbleed/
It apparently affects openssl 1.0.1 through 1.0.1f
You can fix it by:
##Ubuntu 12.04:-------------------
aptitude update
aptitude safe-upgrade
then check your openssl build date:
openssl version -b
output s/b: 'built on: Mon Apr  7 20:33:29 UTC 2014'
-----------------------------------------------------
##CentOS 6.5:-------------------
do a 'yum update'
then check your openssl:
rpm -q openssl
The output should be:
openssl-1.0.1e-16.el6_5.7.i686
-----------------------------------------------------
Lastly, it's a good idea to change your passwords, as there is no way that I have heard of that
an admin can tell if you've been hacked.
Sincerely,
Donovan
---------------------------------------------------------
This message is sent to you because you are subscribed to
the mailing list <talk@webdna.us>.
To unsubscribe, E-mail to: <talk-leave@webdna.us>
archives: http://mail.webdna.us/list/talk@webdna.us
Bug Reporting: support@webdna.us
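
The version and build-date checks from the thread, combined into one triage script; this is an added example, not part of either e-mail. The function names and result labels are hypothetical, and the build-date threshold is the Ubuntu 12.04 value quoted above, so it is meaningful only for that distribution's package.

```shell
#!/bin/sh
# Added example. Version range and reference build date are the ones quoted in
# the thread; the sample input at the bottom is constructed.

# Classify the line printed by `openssl version`.
openssl_range() {
    ver=$(printf '%s\n' "$1" | awk '{print $2}')
    case "$ver" in
        ''|*-beta*|*-pre*) echo unknown; return ;;  # not covered by the thread
    esac
    ver=${ver%%-*}                                   # drop suffixes such as -fips
    case "$ver" in
        1.0.1|1.0.1[a-f]) echo in-range ;;           # 1.0.1 through 1.0.1f
        [0-9]*.[0-9]*)    echo outside-range ;;      # prior to 1.0.1, or 1.0.1g and later
        *)                echo unknown ;;
    esac
}

# Turn `openssl version -b` output into YYYYMMDD; print nothing if it has no date.
build_yyyymmdd() {
    set -- ${1#built on: }                           # Mon Apr 7 20:33:29 UTC 2014
    [ $# -eq 6 ] || return 0
    case "$2" in
        Jan) m=01 ;; Feb) m=02 ;; Mar) m=03 ;; Apr) m=04 ;; May) m=05 ;; Jun) m=06 ;;
        Jul) m=07 ;; Aug) m=08 ;; Sep) m=09 ;; Oct) m=10 ;; Nov) m=11 ;; Dec) m=12 ;;
        *) return 0 ;;
    esac
    printf '%s%s%02d\n' "$6" "$m" "${3#0}"
}

# An in-range version string is only a lead: patched distribution packages keep
# the old letter (the fixed CentOS package in the thread is still 1.0.1e).
heartbleed_triage() {    # $1 = `openssl version` line, $2 = `openssl version -b` line
    range=$(openssl_range "$1")
    [ "$range" = in-range ] || { echo "$range"; return 0; }
    built=$(build_yyyymmdd "$2")
    if [ -z "$built" ]; then echo in-range-check-package
    elif [ "$built" -ge 20140407 ]; then echo in-range-built-on-or-after-reference
    else echo in-range-built-before-reference
    fi
}

# Constructed sample: same version string, two different package builds.
heartbleed_triage "OpenSSL 1.0.1 14 Mar 2012" "built on: Wed Jan  8 20:45:51 UTC 2014"
heartbleed_triage "OpenSSL 1.0.1 14 Mar 2012" "built on: Mon Apr  7 20:33:29 UTC 2014"
# On a live host: heartbleed_triage "$(openssl version)" "$(openssl version -b)"
```

When the build line carries no date, the script reports in-range-check-package and the package release from the package manager is the thing to compare.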