Heartbleed vulnerability checking site

Here wizards, magicians, sorcerers and everybody can rest a bit and talk about anything they like.

Just remember to respect the rules.

Heartbleed vulnerability checking site

Postby zxr250cc » Apr 10th, '14, 17:40

Hi all,

I have been looking at the various web sites that I log into on a daily basis and have been using the HeartBleed checking site to see if they are vulnerable to that issue. So far every site I used is vulnerable, including this one. :shock:

Site: mageia.org
Server software: Apache/2.2.23 (Mageia/PREFORK-1.mga1)
Vulnerable: Definitely (known use OpenSSL)
SSL Certificate: Unsafe (created 1 year ago at Feb 7 00:00:00 2013 GMT)
Assessment: Wait for the site to update before changing your password

As we are all advised we need to change passwords in our sites, but to wait until they are patched before doing so, I am wondering if anyone is doing this for this site?

Link to checking site: https://lastpass.com/heartbleed/

This is not a promotion of that site and I only offer it since it shows useful info when used.

cheers

zxr250cc
Last edited by zxr250cc on Apr 10th, '14, 23:59, edited 1 time in total.
'We live in the best of all possible worlds!'
Candide (Voltaire)
User avatar
zxr250cc
 
Posts: 200
Joined: Mar 25th, '12, 23:20
Location: USA, Central time zone

Re: Heartbleed vulnerability checking site

Postby isadora » Apr 10th, '14, 19:03

Mageia seems to be okay right now:
All good, forums.mageia.org:443 seems fixed or unaffected!


I agree, noticed this yesterday and informed sysadmin.
..........bird from paradise..........

Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away.
—Antoine de Saint-Exupéry
User avatar
isadora
 
Posts: 2742
Joined: Mar 25th, '11, 16:03
Location: Netherlands

Re: Heartbleed vulnerability checking site

Postby zxr250cc » Apr 10th, '14, 23:57

Yes, I was referring to using the site checking link at the lastpass site that checks for the vulnerability. The link I listed in my original post.

cheers all
'We live in the best of all possible worlds!'
Candide (Voltaire)
User avatar
zxr250cc
 
Posts: 200
Joined: Mar 25th, '12, 23:20
Location: USA, Central time zone

Re: Heartbleed vulnerability checking site

Postby jiml8 » Apr 11th, '14, 17:28

This site seems to be more comprehensive:

https://www.ssllabs.com/ssltest/index.html

It rates mageia.org as a "C" for ssl security, showing one vulnerabilty to exploits.

https://www.ssllabs.com/ssltest/analyze ... 70.188.116
https://www.ssllabs.com/ssltest/analyze ... 85.158.146
jiml8
 
Posts: 1253
Joined: Jul 7th, '13, 18:09

Re: Heartbleed vulnerability checking site

Postby zxr250cc » Apr 13th, '14, 19:31

I agree that this seems to be a more useful site. Thanks for the link.

What does a C grade mean?

cheers all
'We live in the best of all possible worlds!'
Candide (Voltaire)
User avatar
zxr250cc
 
Posts: 200
Joined: Mar 25th, '12, 23:20
Location: USA, Central time zone

Re: Heartbleed vulnerability checking site

Postby wilcal » Apr 17th, '14, 21:59

Updates:
openssl-1.0.1e-1.5.mga3.i586.rpm dated 7 April 2014
openssl-1.0.1e-1.5.mga3.x86_64.rpm dated 7 April 2014
openssl-1.0.1e-8.2.mga4.i586.rpm dated 7 April 2014
openssl-1.0.1e-8.2.mga4.x86_64.rpm dated 7 April 2014
All included a heartbleed fix backported from openssl-1.0.1g
"DISK BOOT FAILURE - INSERT SYSTEM DISK AND PRESS ENTER"
is my friend
wilcal
 
Posts: 567
Joined: Jun 20th, '11, 02:01
Location: San Diego CA

Re: Heartbleed vulnerability checking site

Postby micjustin33 » Apr 19th, '14, 10:11

on a related note this page : https://www.ssllabs.com/ssltest/

will test your SSL settings to make sure that you have all the old insecure protocols disabled.

It also tests for BEAST attack and would imagine they will add support for Heartbleed bug soon'ish
micjustin33
 
Posts: 3
Joined: Apr 19th, '14, 09:52

Re: Heartbleed vulnerability checking site

Postby doktor5000 » Apr 19th, '14, 19:27

Was already mentioned three posts before ;)
Cauldron is not for the faint of heart!
Caution: Hot, bubbling magic inside. May explode or cook your kittens!
----
Disclaimer: Beware of allergic reactions in answer to unconstructive complaint-type posts
User avatar
doktor5000
 
Posts: 17630
Joined: Jun 4th, '11, 10:10
Location: Leipzig, Germany


Return to The Wizards Lair

Who is online

Users browsing this forum: No registered users and 1 guest