[olug] Heartbleed
Jeff Hinrichs - DM&T
jeffh at dundeemt.com
Thu Apr 10 00:12:34 UTC 2014
Admins: Not only certs but you should force users to change their
passwords.
Users: If you haven't changed your passwords in a while/ever, now is the
time. Password managers are your friend.
Last article I saw was estimating 2/3 of the internet was affected.
Personally, our systems were 50% affected. If you were vulnerable, you
have to assume you were compromised.
-j
On Wed, Apr 9, 2014 at 6:01 PM, Tom Fritz <tfritz at me.com> wrote:
>
> > I will assume that the slow traffic on the mailing list tonight is
> > because we are all busy checking our systems for the openssl heartbleed
> > vulnerability.
> >
> > If you aren't, you should be.
> >
> > RHEL/CentOS folks, please see this note:
> > https://bugzilla.redhat.com/show_bug.cgi?id=1084875#c9
> >
> > Red Hat announcement:
> > https://access.redhat.com/site/announcements/781953
> >
> > Fedora Announcement:
> >
> https://lists.fedoraproject.org/pipermail/announce/2014-April/003205.html
>
> There appears to be some confusion if applying the fix is enough.
> If your server has been compromised you need to regen/replace your certs
> after installing the fixed openssl. I have talked with some folks and they
> think updating the openssl is enough and it may not be. You can't detect if
> your system has been compromised. I also haven't seen an IDS/IPS signature
> released. If someone otherwise please share.
>
> Tom.
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug
>
--
Best,
Jeff Hinrichs
402.218.1473