Hi all, Just to follow up on this - if you have any customers (or yourself!) who are running appliances that can't be easily patched, you can use the following to help secure your environment:
IPTABLES rules to log and drop heartbleed requests: http://seclists.org/bugtraq/2014/Apr/44 NMAP script to identify vulnerable hosts: https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse - Wesley On Tue, Apr 8, 2014 at 12:14 PM, John R. Dennison <[email protected]> wrote: > On Tue, Apr 08, 2014 at 11:57:49AM -0500, Blake Dunlap wrote: > > Part of it is they didn't actually fix the bug, they just disabled the > > vulnerable feature. > > The Red Hat update is a patch to remove the info disclosure, as far as I > know going bu their changelog / RHSA and discussion with Red Hatters on > IRC. > > > > > > John > -- > "GUIs let people who don't understand the technology think that they are > capable of managing it." > > -- http://lamejournal.com/2013/11/06/why-wont-have-a-job-in-5-years/ > -- http://www.wesleyduffeebraun.com <http://www.ashevillephotobooth.com> -- -- You received this message because you are subscribed to the Google Groups "NLUG" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en --- You received this message because you are subscribed to the Google Groups "NLUG" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
