[olug] Heartbleed
Justin Reiners
justin at hotlinesinc.com
Thu Apr 10 00:39:30 UTC 2014
Yes over the next few days I will be changing certs as well as passwords on
the entire network. We are waiting for certs to be reissued now. All
outward facing servers are patched now. Working on the rest tomorrow
Luckily patching is a piece of cake.
On Apr 9, 2014 6:12 PM, "Jeff Hinrichs - DM&T" <jeffh at dundeemt.com> wrote:
> Admins: Not only certs but you should force users to change their
> passwords.
>
> Users: If you haven't changed your passwords in a while/ever now is the
> time. Password managers are your friend.
>
> Last article I saw was estimating 2/3 of the internet was affected.
> Personally, our systems were 50% affected. If you were vulnerable, you
> have to assume you were compromised.
>
> -j
>
>
> On Wed, Apr 9, 2014 at 6:01 PM, Tom Fritz <tfritz at me.com> wrote:
>
> >
> > > I will assume that the slow traffic on the mailing list tonight is
> > > because we are all busy checking our systems for the openssl heartbleed
> > > vulnerability.
> > >
> > > If you aren't, you should be.
> > >
> > > RHEL/CentOS folks, please see this note:
> > > https://bugzilla.redhat.com/show_bug.cgi?id=1084875#c9
> > >
> > > Red Hat announcement:
> > > https://access.redhat.com/site/announcements/781953
> > >
> > > Fedora Announcement:
> > >
> >
> https://lists.fedoraproject.org/pipermail/announce/2014-April/003205.html
> >
> > There appears to be some confusion if applying the fix is enough.
> > If your server has been compromised you need to regen/replace your certs
> > after installing the fixed openssl. I have talked with some folks and
> they
> > think updating the openssl is enough and it may not be. You can't detect
> if
> > your system has been compromised. I also haven't seen an IDS/IPS
> signature
> > released. If someone otherwise please share.
> >
> > Tom.
> > _______________________________________________
> > OLUG mailing list
> > OLUG at olug.org
> > https://lists.olug.org/mailman/listinfo/olug
> >
>
>
>
> --
> Best,
>
> Jeff Hinrichs
> 402.218.1473
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug
>
More information about the OLUG
mailing list