Posts

Showing posts from April, 2014

HeartBleed Vulnerability

It's been quite a while since a vulnerability like this has been uncovered.  There is no doubt that this is a serious one and it affects many products.  What makes this a problem is not only that it has serious consequences, but also that it isn't that hard to exploit.  Affected versions of OpenSSL have also been around for a long time since around April 2012 meaning the impact up to now is unknown. Recommendations are to patch the affected products, renew certificates and ensure users change their passwords. OpenSSL versions 1.0.1 - 1.0.2.  OpenSSL advise Affected users should upgrade to OpenSSL 1.0.1g and users unable to immediately upgrade can opt to recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.  1.0.2 will be fixed in 1.0.2-beta2. The list below are links to some of the affected products.  There are many more. VMWare http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2076225 Fortinet http://www.fortiguard.com/