Solved

OpenSSL Heart Bleed Bug

Posted on 2014-04-09
10
603 Views
Last Modified: 2014-04-15
im not sure what it means and in which way it affects an enterprise?
0
Comment
Question by:DukewillNukem
  • 5
  • 4
10 Comments
 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 500 total points
Comment Utility
You mean all the articles that can be found in various news are not well-written, not understandable?

If you use openssl in the version mentioned, you need to install updates immediately, that's all. Otherwise you are vulnerable to various serious attacks via internet.
0
 

Author Comment

by:DukewillNukem
Comment Utility
which articles?where do i get the updates from?
0
 
LVL 53

Expert Comment

by:McKnife
Comment Utility
Duke, are you affected, do you run open ssl? In what version do you run it?
0
 

Author Comment

by:DukewillNukem
Comment Utility
we mainly use Windows servers. however,we do have a few Linux appliances,stuff like ESX,Cisco Unified Personal Communicator. no my SQL.
0
 
LVL 53

Expert Comment

by:McKnife
Comment Utility
But you don't use open ssl, right?
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:DukewillNukem
Comment Utility
no
0
 
LVL 53

Accepted Solution

by:
McKnife earned 500 total points
Comment Utility
And...why do you care, then :) ?
0
 

Assisted Solution

by:DukewillNukem
DukewillNukem earned 0 total points
Comment Utility
i dont know ;-)
but again,we have centos,suse,red hat,ubuntu,etc.
i just want to make sure we dont have to worry about stuff like that. thinking  about to implement a Vulnerability Management Tool (VIM) for 3rd party Software
0
 
LVL 38

Expert Comment

by:Rich Rumble
Comment Utility
IIS is not affected: http://blogs.technet.com/b/erezs_iis_blog/archive/2014/04/09/information-about-heartbleed-and-iis.aspx
But Apache + OpenSSL is. If your running redhat you are likely affected if it's the latest instance of open-ssl (1.0.1 thru 1.0.1f) http://www.kb.cert.org/vuls/id/720951
Here is a pretty good list of vendors press releases that specify versions of software that are and are not affected, like cisco etc...
https://isc.sans.edu/diary/Heartbleed+vendor+notifications/17929
-rich
0
 

Author Closing Comment

by:DukewillNukem
Comment Utility
found a solution
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
Never store passwords in plain text or just their hash: it seems a no-brainier, but there are still plenty of people doing that. I present the why and how on this subject, offering my own real life solution that you can implement right away, bringin…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now