[kwlug-disc] Heartbleed affected sites
Bob Jonkman
bjonkman at sobac.com
Fri Apr 11 15:26:11 EDT 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
If you're using a tool to check for Heartbleed vulnerabilities, be
sure to check the Web interface on your router and/or modem as well.
I'm not sure if router vendors are on top of this, but according to
ssltest.py my Tomato/MLPPP Version 1.25-mp3alpha6 (from
http://fixppp.org ) is not vulnerable, nor my Thomson Speedtouch modem
with firmware 6.1.0.5
Also, somebody asked me how safe these vulnerability checking tools
are, especially the online and Javascript-based ones. What's to say
they're not merely displaying "all is well", and actually compiling a
list of vulnerable sites for later exploitation?
- --Bob.
On 14-04-08 12:06 PM, Khalid Baheyeldin wrote:>
> You can use this python tool ssltest.py to check if your servers
> are vulnerable:
>
> $ wget -O ssltest.py "http://pastebin.com/raw.php?i=WmxzjkXJ" $
> python ssltest.py example.com
On 14-04-11 10:51 AM, CrankyOldBugger wrote:
> Mashable has a list going of sites affected by Heartbleed:
>
> http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/
>
> Don't forget to add Canada Revenue (and most other government
> sites) to your list of passwords to change!
Bob Jonkman <bjonkman at sobac.com> Phone: +1-519-669-0388
SOBAC Microcomputer Services http://sobac.com/sobac/
http://bob.jonkman.ca/blogs/ http://sn.jonkman.ca/bobjonkman/
Software --- Office & Business Automation --- Consulting
GnuPG Fngrprnt:04F7 742B 8F54 C40A E115 26C2 B912 89B0 D2CC E5EA
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Ensure confidentiality, authenticity, non-repudiability
iEYEARECAAYFAlNIQdEACgkQuRKJsNLM5epRdwCg2lOb8IU+MasK5tbnLKueZNcf
KEoAoNhd+K0k9s0y4zKqtof8iYTxxOHY
=Sm+H
-----END PGP SIGNATURE-----
More information about the kwlug-disc
mailing list