Re: Finding Servers Using OpenSSL SSL/TLS

[Mally Mclane <mally.mclane () BRISTOL AC UK>]

SBO..?

Service and Business owner?
On 11 Apr 2014 18:06, "Joel L. Rosenblatt" <joel () columbia edu> wrote:

> We are sending out email to all of our SBO's that use a off campus
> service - they have been tasked with contacting the vendors and
> finding out what they are doing about it
>
> Divide and conquer :-)
>
> Joel
>
>
> Joel Rosenblatt, Director Network & Computer Security
> Columbia Information Security Office (CISO)
> Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
> http://www.columbia.edu/~joel
> Public PGP key
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3
>
>
> On Fri, Apr 11, 2014 at 12:51 PM, Mike Cunningham
> <mike.cunningham () pct edu> wrote:
> > Do you do anything with cloud/3rd party/off campus systems that Columbia
> uses ?
> > -----Original Message-----
> > From: The EDUCAUSE Security Constituent Group Listserv [mailto:
> SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Joel L. Rosenblatt
> > Sent: Friday, April 11, 2014 12:49 PM
> > To: SECURITY () LISTSERV EDUCAUSE EDU
> > Subject: Re: [SECURITY] Finding Servers Using OpenSSL SSL/TLS
> >
> > We keep a constantly updating list of any IP address that accepts
> connections on port 443 using netflow information, we test them for the
> Heartbleed bug and inform the machine owner if they have a problem
> > Thanks,
> > Joel Rosenblatt
> >
> >
> >
> >
> > Joel Rosenblatt, Director Network & Computer Security Columbia
> Information Security Office (CISO) Columbia University, 612 W 115th Street,
> NY, NY 10025 / 212 854 3033 http://www.columbia.edu/~joel Public PGP key
> > http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3
> >
> >
> > On Fri, Apr 11, 2014 at 11:33 AM, Pratt, Benjamin E.
> > <bepratt () stcloudstate edu> wrote:
> > > Good morning everyone.
> > >
> > > The question:
> > >
> > > What would be the best option for determining remotely whether a server
> utilizes OpenSSL SSL/TLS for encrypting https traffic?
> > > The background:
> > >
> > > I'm hoping the list can provide a little assistance in dealing with the
> aftermath of the Heartbleed vulnerability.
> > > The good news is a scan of our campus network indicates that we are
> nearly fully patched. The bad news is that not all of the https servers
> utilizing OpenSSL SSL/TLS are centrally controlled. This means that we
> don't know which servers were patched before our first scan and therefore
> where all of the servers that were vulnerable, over the past two years, are
> located.
> > > I am attempting to put together options that include changing out SSL
> certificates and notifying users of previously vulnerable systems to update
> passwords. If I am able to provide more specific information about the
> scope of our endeavor it would certainly be an added value.
> > > Thank you,
> > >
> > > Ben
> > >
> > > --
> > >
> > > Benjamin Pratt
> > > St. Cloud State University