[AusNOG] Heartbleed Bug

Peter Tonoli peter at medstv.unimelb.edu.au
Tue Apr 8 16:58:31 EST 2014 

Mea culpa.. The installed Debian package was unaffected, however the custom compiled NGinx had a vulnerable OpenSSL statically compiled (which is why I thought it was a false positive).

----- Original Message -----
> From: "Nathan Brookfield" <Nathan.Brookfield at simtronic.com.au>
> To: "Peter Tonoli" <peter at medstv.unimelb.edu.au>, "Tim Groeneveld" <tim at timg.ws>
> Cc: ausnog at lists.ausnog.net
> Sent: Tuesday, 8 April, 2014 3:20:49 PM
> Subject: RE: [AusNOG] Heartbleed Bug
> After some tests I just did, the site seems 100% correct over the 5 or
> 6 boxes I just checked. I did have to restart the Apache daemon for
> the updated packages to take affect though.
> 
> -----Original Message-----
> From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of
> Peter Tonoli
> Sent: Tuesday, 8 April 2014 3:09 PM
> To: Tim Groeneveld
> Cc: ausnog at lists.ausnog.net
> Subject: Re: [AusNOG] Heartbleed Bug
> 
> 
> > ----- Original Message -----
> > > Hi All,
> > >   Now the general public are aware of the Heartbleed bug
> > > http://heartbleed.com/ for SSL does anyone have any information
> > > about what routers/switches/load balancers network components may
> > > be
> > > linked with this effected library. I would think that the server
> > > people would have this well in hand but perhaps we may be missing
> > > some critical info of what's buried inside our network kit.
> >
> >
> > You might find this handy:
> >
> > http://filippo.io/Heartbleed/
> 
> I'm not entirely sure that it is handy. I've tested it on a host that
> seems to be running a non-vulnerable version of OpenSSL, yet gets
> flagged as being vulnerable on this site..
> 
> --
> Peter Tonoli < peter at medstv.unimelb.edu.au > +61-3-9288-2399 IT
> Manager The University of Melbourne - Eastern Hill Academic Centre,
> St. Vincent's Institute and O'Brien Institute
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog

-- 
Peter Tonoli < peter at medstv.unimelb.edu.au > +61-3-9288-2399 
IT Manager 
The University of Melbourne - Eastern Hill Academic Centre, St. Vincent's Institute and O'Brien Institute

More information about the AusNOG mailing list