Overview: The Heartbleed Bug is a serious
vulnerability that allows outside attackers to steal sensitive
information on an otherwise believed to be secured connections for
example: https (ie: http over ssl/tls), secure email and VPN. All done
without leaving a trace.
For more details: http://heartbleed.com/
Visit me at: http://community.linuxmint.com/tutorial/view/1628
For more details: http://heartbleed.com/
Visit me at: http://community.linuxmint.com/tutorial/view/1628
Heart Bleed Bug
What ain't Broken?
What is Broken?
What is fixed?
What was Not Broken by Heart Bleed?
Major Components
- SSL
- SSH
- Heart Beat
OpenSSL before 1.0.1
Non OpenSSH/OpenSSL implementations
What is Broken?
OpenSSH/OpenSSL Heart Beat implementation
- 1.0.1 Branch
- 1.0.2-beta Testing Branch
Yep, it's an Implementation error
What is fixed?
OpenSSL v1.0.1g
OpenSSL v1.0.2-beta2
Distropatch by each distro
- Built on/after 7apr2014
- These not necessary be 1.0.1g
How to check?
- openssl version -a
- Look for build date
Some more Checking?
Launch Package Manager
- Eg: Mint Synatic Package Manger
Search/Filter for “ssl” installed
- Eg: libssl1.0.0, openssl
Select libssl1.0.0 and [Get Changelog]
- Look for CVE-2014-0160 fix
CLI - Mint13
- apt-get changelog openssl
- apt-get changelog libssl1.0.0
What to look for :?
CVE-2014-0160 fix
1.01-4ubuntu5.12 for Mint13
Anything Else?
Yes, Google for the rest :)
- This is meant As a Simple Guide
After Patch, Look for??
- Generate New Certificates
- Revoke Old Certificates
- Get all End users to Change Passwords
- Other Details
- Check with your Service Provider eg: Online Mail, Ruby Rail etc...
Remember not all OpenSSH/OpenSSL is affected!
20140421
I have no words to appreciate you and you done a great job in your blog.i want you to add more like this.
ReplyDeleteJAVA Training in Chennai
JAVA Course in Chennai
Digital Marketing Course in Chennai
Python Training in Chennai
Big data training in chennai
Selenium Training in Chennai
JAVA Training in Chennai
JAVA Course in Chennai