But your passwords to the web site might... Still not good, though perhaps not as catastrophic as first thought - depending on how the web or other application using OpenSSL is written.
Thanks for that article.

Kurt

On Wed, Apr 9, 2014 at 10:22 AM, Kennedy, Jim <[email protected]> wrote:

> The plot thickens. Maybe the private key doesn't leak.
>
> http://blog.erratasec.com/2014/04/why-heartbleed-doesnt-leak-private-key.html
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Ziots, Edward
> *Sent:* Wednesday, April 9, 2014 1:14 PM
> *To:* [email protected]
> *Subject:* RE: [NTSysADM] Heartbleed vulnerability
>
> http://isc.sans.edu/diary/Heartbleed+vendor+notifications/17929
>
> Looks like there might be a NMAP script out for the vulnerability also per the ISC sites
>
> Z
>
> Edward E. Ziots, CISSP, CISA, CRISC, Security +, Network +
> Security Engineer
> Lifespan Organization
>
> *From:* [email protected] [mailto:[email protected] <[email protected]>] *On Behalf Of* Kurt Buff
> *Sent:* Wednesday, April 09, 2014 12:45 PM
> *To:* [email protected]
> *Subject:* Re: [NTSysADM] Heartbleed vulnerability
>
> Don't know, but it might be worthwhile checking on any equipment with a web server, including: switches, routers, ILO/DRAC, ESX/ESXi, web filters, spam filters, firewalls, SSL VPN appliances, 3rd party computer management software (Dell server administrator software, etc.).
>
> That's just off the top of my head...
>
> I'm looking for a script to run against my internal infrastructure - anyone know of one?
>
> Kurt
>
> On Wed, Apr 9, 2014 at 7:49 AM, David Lum <[email protected]> wrote:
>
> *From:* David Lum
> *Sent:* Wednesday, April 09, 2014 7:43 AM
> *To:* '[email protected]'
> *Subject:* Heartbleed vulnerability
>
> Are many of you guys affected by this?
>
> https://isc.sans.edu/forums/diary/Patch+Now+OpenSSL+Heartbleed+Vulnerability/17921
>
> Most likely vectors are apparently Linux-based appliances.
>
> *David Lum*
> *Network System Admin, Information Services*

