Educause Security Discussion mailing list archives
Re: Finding Servers Using OpenSSL SSL/TLS
From: "Joel L. Rosenblatt" <joel () COLUMBIA EDU>
Date: Fri, 11 Apr 2014 13:11:37 -0400
We have been running a ssltest python script (from https://gist.github.com/jpicht/10114168) and verifying the results with the http://filippo.io/Heartbleed web site We have repaired all but 1 or 2 at this point - the process will keep on running to catch new ones that will pop up Thanks, Joel Joel Rosenblatt, Director Network & Computer Security Columbia Information Security Office (CISO) Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033 http://www.columbia.edu/~joel Public PGP key http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3 On Fri, Apr 11, 2014 at 12:52 PM, Steven Carmody <steven_carmody () brown edu> wrote:
On 4/11/14 12:49 PM, Joel L. Rosenblatt wrote:We keep a constantly updating list of any IP address that accepts connections on port 443 using netflow information, we test them for the Heartbleed bug and inform the machine owner if they have a problemCan you provide any more detailing info about how you test machines for the Heartbleed vulnerability ? Are you looking at the headers that returned, or doing something else ?
Current thread:
- Finding Servers Using OpenSSL SSL/TLS Pratt, Benjamin E. (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Joel L. Rosenblatt (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Mike Cunningham (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Peter Setlak (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Joel L. Rosenblatt (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Mally Mclane (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Joel L. Rosenblatt (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Cheryl O'Dell (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Mike Cunningham (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Joel L. Rosenblatt (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Steven Carmody (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Joel L. Rosenblatt (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Peter Setlak (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Ken Connelly (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Tim Doty (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Peter Setlak (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Pratt, Benjamin E. (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Scherck, Daniel (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Scherck, Daniel (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Valdis Kletnieks (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Danny Schales (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Kevin Wilcox (Apr 11)