http://filippo.io/Heartbleed/#www.unlocator.com
On Wed, Apr 9, 2014 at 2:05 PM, Ted Byers <r.ted.by...@gmail.com> wrote: > How do I determine whether or not the web servers I run are affected? > They are Apache 2.4, built for 64 bit Windows and downloaded from > Apachelounge. I have no idea what version of openssl it was built with. > Does anyone here know if the feature that introduces the risk can be turned > off, without introducing other risks? If so, how? > > Also, could the security keys we bought have been compromised? > > Any advice on how I can protect my servers better would be appreciated. > > Thanks > > Ted > > -- > R.E.(Ted) Byers, Ph.D.,Ed.D. > > > On Mon, Apr 7, 2014 at 4:31 PM, OpenSSL <open...@openssl.org> wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA256 >> >> OpenSSL Security Advisory [07 Apr 2014] >> ======================================== >> >> TLS heartbeat read overrun (CVE-2014-0160) >> ========================================== >> >> A missing bounds check in the handling of the TLS heartbeat extension can >> be >> used to reveal up to 64k of memory to a connected client or server. >> >> Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including >> 1.0.1f and 1.0.2-beta1. >> >> Thanks for Neel Mehta of Google Security for discovering this bug and to >> Adam Langley <a...@chromium.org> and Bodo Moeller <bmoel...@acm.org> for >> preparing the fix. >> >> Affected users should upgrade to OpenSSL 1.0.1g. Users unable to >> immediately >> upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS. >> >> 1.0.2 will be fixed in 1.0.2-beta2. >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.11 (GNU/Linux) >> >> iQIcBAEBCAAGBQJTQt1bAAoJENNXdQf6QOniGhkP/AjjZgV+g7ZyxnxdnvA2+sdV >> sxNso208Cod8DKnDONtXHuPTkTFfyHl72FM1ea99woe3X6JWj3PyiZGvSfeo4Jj/ >> QiDJvvcHc5Xq00gAr6MIarhMJbRtYkM+Th6PPXyqODYcb/pDoqy5VWo/R9QkZTPn >> zaiXPyapJB/qSYo4UqXWerT9YTLdYmiro//kQN0U/SedF/fNz4CEBcMyz6z7YJAC >> LFoE6Vf54PAkNvxjcX9ugIKluBMk5YONRG8PB0X/UDwf9Kj4L6OTT51x1yeFw3Sg >> GzTqvKD+2JWzFDCcfJULRCSCEwHhKbjR7n3sI1RPaaEWp5E63+9HSMRYjVOFIwt/ >> OTrMPbW1BEiX0A7NB7HSrrvddnYd3sz8A44v00oesr+XaW5nyu79IndQwLhPkKYF >> Dkb67quw/tfV6Y1r4sETqSd2FrM7MpFzltywMKzVKWNpMSwOAWSBGUl7VH0m84Ty >> zAufUSEnYIA3dMC2DnHie+ot4WnjJlTErBmfUb/QNbNYDt0vjhS60oydP1NJ8AlG >> aoUK7mslOlVCauAIeGNbi4PzJ+LvWYmyFFGT+M1/UOBZFFvG7jsReBjTIu9dg3Za >> S7NE7CeMvRRpOEm1+T9L8a26/c6C9dwF7JPQvMpTR3BeT2jjkYe8rdTCkT91g1sd >> J37YgDNuefzrsA+B5/o7 >> =szjb >> -----END PGP SIGNATURE----- >> ______________________________________________________________________ >> OpenSSL Project http://www.openssl.org >> User Support Mailing List openssl-users@openssl.org >> Automated List Manager majord...@openssl.org >> > > > >
