Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 620
  • Last Modified:

OpenSSL Heart Bleed Bug

im not sure what it means and in which way it affects an enterprise?
0
DukewillNukem
Asked:
DukewillNukem
  • 5
  • 4
3 Solutions
 
McKnifeCommented:
You mean all the articles that can be found in various news are not well-written, not understandable?

If you use openssl in the version mentioned, you need to install updates immediately, that's all. Otherwise you are vulnerable to various serious attacks via internet.
0
 
DukewillNukemAuthor Commented:
which articles?where do i get the updates from?
0
 
McKnifeCommented:
Duke, are you affected, do you run open ssl? In what version do you run it?
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
DukewillNukemAuthor Commented:
we mainly use Windows servers. however,we do have a few Linux appliances,stuff like ESX,Cisco Unified Personal Communicator. no my SQL.
0
 
McKnifeCommented:
But you don't use open ssl, right?
0
 
DukewillNukemAuthor Commented:
no
0
 
McKnifeCommented:
And...why do you care, then :) ?
0
 
DukewillNukemAuthor Commented:
i dont know ;-)
but again,we have centos,suse,red hat,ubuntu,etc.
i just want to make sure we dont have to worry about stuff like that. thinking  about to implement a Vulnerability Management Tool (VIM) for 3rd party Software
0
 
Rich RumbleSecurity SamuraiCommented:
IIS is not affected: http://blogs.technet.com/b/erezs_iis_blog/archive/2014/04/09/information-about-heartbleed-and-iis.aspx
But Apache + OpenSSL is. If your running redhat you are likely affected if it's the latest instance of open-ssl (1.0.1 thru 1.0.1f) http://www.kb.cert.org/vuls/id/720951
Here is a pretty good list of vendors press releases that specify versions of software that are and are not affected, like cisco etc...
https://isc.sans.edu/diary/Heartbleed+vendor+notifications/17929
-rich
0
 
DukewillNukemAuthor Commented:
found a solution
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now