Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Finding Servers Using OpenSSL SSL/TLS

From: "Joel L. Rosenblatt" <joel () COLUMBIA EDU>
Date: Fri, 11 Apr 2014 13:11:37 -0400
We have been running a ssltest python script (from
https://gist.github.com/jpicht/10114168) and verifying the results
with the http://filippo.io/Heartbleed web site

We have repaired all but 1 or 2 at this point - the process will keep
on running to catch new ones that will pop up

Thanks,
Joel


Joel Rosenblatt, Director Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel
Public PGP key
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3


On Fri, Apr 11, 2014 at 12:52 PM, Steven Carmody
<steven_carmody () brown edu> wrote:

On 4/11/14 12:49 PM, Joel L. Rosenblatt wrote:


We keep a constantly updating list of any IP address that accepts
connections on port 443 using netflow information, we test them for
the Heartbleed bug and inform the machine owner if they have a problem



Can you provide any more detailing info about how you test machines for the
Heartbleed vulnerability ? Are you looking at the headers that returned, or
doing something else ?
Previous By Date Next
Previous By Thread Next

Current thread: