Heartbleed bug - what can WE do?

GeoffW1 (Geoff) · #1 29-04-2014, 09:37 AM

Hi,

Here's an interesting newsletter from Malwarebytes on the Heartbleed bug, especially the bit about an extension available for Chrome users. Also of interest is a list of affected servers, which includes several that IIS members would use, eg Dropbox.

http://blog.malwarebytes.org/online-...eartbleed-bug/

Cheers

multiweb (Marc) · #2 29-04-2014, 10:02 AM

Quote:

Originally Posted by GeoffW1

Hi,

Here's an interesting newsletter from Malwarebytes on the Heartbleed bug, especially the bit about an extension available for Chrome users. Also of interest is a list of affected servers, which includes several that IIS members would use, eg Dropbox.

http://blog.malwarebytes.org/online-...eartbleed-bug/

Cheers

SSL certificates that may have been compromised by the Heartbleed vulnerability on OpenSSL should have all been replaced from April 12th onwards. OpenSSL is mostly used by UNIX/Linux service providers. I believe the problem was limited to specific OS as well. Some Ubuntu version were, FreeBSD wasn't, etc...

GeoffW1 (Geoff) · #3 29-04-2014, 10:12 AM

Hope so.

And now this. I don't mean to be a scaremonger, it is about information.

http://www.smh.com.au/it-pro/securit...428-zr11i.html

Cheers

multiweb (Marc) · #4 29-04-2014, 10:24 AM

XP end of life was this April so obviously you use it at your own risks.

Steffen · #5 29-04-2014, 11:01 AM

Since the TLS heartbeat extension is essentially symmetric the Heartbleed vulnerability affects not just servers, but clients (web browsers etc.), too. See http://blog.meldium.com/home/2014/4/...rse-heartbleed for more information. It appears to be possible to obtain blocks of memory contents from client PCs.

Cheers
Steffen.