NO its in like a lot of systems that rely on openssl, it's a flaw in the implementation. Remember Dan Chaminskys DNS bug issue a few years ago, yeah its that big.
Z Edward E. Ziots, CISSP, CISA, CRISC, Security +, Network + Security Engineer Lifespan Organization [email protected]<mailto:[email protected]> Work:401-255-2497 This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. [cid:[email protected]] From: [email protected] [mailto:[email protected]] On Behalf Of James Rankin Sent: Wednesday, April 09, 2014 10:54 AM To: [email protected] Subject: Re: [NTSysADM] Heartbleed vulnerability What about SOHO routers? Things like Steam? As someone said in an interview today, they might be cleaning this one up for ten years. On 9 April 2014 15:49, David Lum <[email protected]<mailto:[email protected]>> wrote: From: David Lum Sent: Wednesday, April 09, 2014 7:43 AM To: '[email protected]<mailto:[email protected]>' Subject: Heartbleed vulnerability Are many of you guys affected by this? https://isc.sans.edu/forums/diary/Patch+Now+OpenSSL+Heartbleed+Vulnerability/17921 Most likely vectors are apparently Linux-based appliances. [cid:[email protected]] David Lum Network System Admin, Information Services office 503-265-4728<tel:503-265-4728> | modahealth.com<http://www.modahealth.com/> I'm excited to announce that ODS Health is now Moda Health. Please make a note of my new email address, [email protected]<mailto:[email protected]>, so we can stay connected. This message is intended for the sole use of the individual and entity to whom it is addressed, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the intended addressee, nor authorized to receive for the intended addressee, you are hereby notified that you may not use, copy, disclose or distribute to anyone the message or any information contained in the message. If you have received this message in error, please immediately advise the sender by reply email and delete the message. -- James Rankin --------------------- RCL - Senior Technical Consultant (ACA, CCA, MCTS) | The Virtualization Practice Analyst - Desktop Virtualization http://appsensebigot.blogspot.co.uk
<<inline: image002.png>>
<<inline: image003.jpg>>
