This is one way to test your boxes: https://github.com/titanous/heartbleeder



On Tue, Apr 8, 2014 at 9:25 AM, Erik Anderson <erikerik at gmail.com> wrote:

> I'm guessing I'm not the only one that was up late patching systems to
> mitigate this security disaster. :(
>
> I've been thinking through all of the various vulnerabilities we've seen
> in my career, and I'm not sure I can think of one that is as potentially
> damaging as this one is.
>
> For those that haven't heard, the Heartbleed[1] OpenSSL bug was announced
> yesterday. In short, it's a bug in the TLS heartbeat functionality that
> allows any party to remotely read any accessible memory contents in the
> affected systems. Meaning that your private keys, session keys, etc. have
> all potentially been compromised.
>
> So, if you're running a linux server with an application that uses TLS and
> you have OpenSSL versions 1.0.1 = 1.0.1f, you're vulnerable and need to
> respond appropriately: patch openssl and libssl, regenerate private keys,
> get new SSL certs issued/installed, etc. It's been a fun 18 hours. :)
>
> -Erik
>
> [1]: http://heartbleed.com/
>
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>
>


-- 
Ben Lutgens
Linux / Unix System Administrator

Three of your friends throw up after eating chicken salad.  Do you think:
"I should find more robust friends" or "we should check that refrigerator"?
       -- Donald Becker, on vortex-bug, suspecting a network-wide problem
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20140408/a95b44f6/attachment.html>