Hi All :)
Ok... some things to think about concerning the HeartBleed vulnerability....
- Change your passwords
  - This is a 'DOH'... as we all should be changing our passwords every 45-90 days as a minimum... You do change yours regularly don't you?
- This is not a new vulnerability!
  - it's been around for a couple years...
  - we must assume that the exploitation of it has been around for some time... just not in the news
- Remember this hasn't been remediated yet by a WHOLE LOT of sites!
  - this means that we need to keep changing our passwords regularly with a very high frequency until patching is complete
- Use good passwords...
  - I used 'good' rather than 'strong' for the simple reason of dictionaries and/or Rainbow Tables
  - At least 10+ characters long
  - Use Mixed Case
  - Use Special Characters (@, !, ^, $)
  - SPELL THINGS WRONG intentionally!
    - e.g. EyeR3edB0ok$ instead of IReadBooks
Art "They are out to get us!!! " Bahrs, {insert lots of letters of security credentials for those who care about those things hehehe}
Art Bahrs, CISSP
Security Engineer (Oregon Region)
(971) 282-0927
-----Original Message-----
From: HP-3000 Systems Discussion [mailto:[log in to unmask]] On Behalf Of James B. Byrne
Sent: Thursday, April 10, 2014 6:12 AM
To: [log in to unmask]
Subject: Re: OT OpenSSL-1.0.1 Heartbeat exploit named heartbleed
On Thu, April 10, 2014 08:45, Mark Ranft wrote:
> Might this vulnerability be a concern for MPE posix OpenSSL users?
>
> The product, HP WebWise MPE/iX Secure Web Server, contained Openssl
> 0.9.7d cryptographic/SSL library
>
> And there are those that downloaded OpenSSL for sftp. The version I
> have is openssl-0.9.6a-mpe.tar.
>
No, any version of OpenSSL prior to 1.0.1 is not affected by this vulnerability as the heartbeat protocol was not introduced before 2012 and
v.1.0.1 was the first release to include it.
--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:[log in to unmask]
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *