Re: Finding Servers Using OpenSSL SSL/TLS

["Joel L. Rosenblatt" <joel () COLUMBIA EDU>]

Senior Business Officer --- the big kahuna :-)

Joel


Joel Rosenblatt, Director Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel
Public PGP key
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3


On Fri, Apr 11, 2014 at 1:08 PM, Mally Mclane
<mally.mclane () bristol ac uk> wrote:
> SBO..?
>
> Service and Business owner?
>
> On 11 Apr 2014 18:06, "Joel L. Rosenblatt" <joel () columbia edu> wrote:
> > We are sending out email to all of our SBO's that use a off campus
> > service - they have been tasked with contacting the vendors and
> > finding out what they are doing about it
> >
> > Divide and conquer :-)
> >
> > Joel
> >
> >
> > Joel Rosenblatt, Director Network & Computer Security
> > Columbia Information Security Office (CISO)
> > Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
> > http://www.columbia.edu/~joel
> > Public PGP key
> > http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3
> >
> >
> > On Fri, Apr 11, 2014 at 12:51 PM, Mike Cunningham
> > <mike.cunningham () pct edu> wrote:
> > > Do you do anything with cloud/3rd party/off campus systems that Columbia
> > > uses ?
> > >
> > > -----Original Message-----
> > > From: The EDUCAUSE Security Constituent Group Listserv
> > > [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Joel L. Rosenblatt
> > > Sent: Friday, April 11, 2014 12:49 PM
> > > To: SECURITY () LISTSERV EDUCAUSE EDU
> > > Subject: Re: [SECURITY] Finding Servers Using OpenSSL SSL/TLS
> > >
> > > We keep a constantly updating list of any IP address that accepts
> > > connections on port 443 using netflow information, we test them for the
> > > Heartbleed bug and inform the machine owner if they have a problem
> > >
> > > Thanks,
> > > Joel Rosenblatt
> > >
> > >
> > >
> > >
> > > Joel Rosenblatt, Director Network & Computer Security Columbia
> > > Information Security Office (CISO) Columbia University, 612 W 115th Street,
> > > NY, NY 10025 / 212 854 3033 http://www.columbia.edu/~joel Public PGP key
> > > http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3
> > >
> > >
> > > On Fri, Apr 11, 2014 at 11:33 AM, Pratt, Benjamin E.
> > > <bepratt () stcloudstate edu> wrote:
> > > > Good morning everyone.
> > > >
> > > > The question:
> > > >
> > > > What would be the best option for determining remotely whether a server
> > > > utilizes OpenSSL SSL/TLS for encrypting https traffic?
> > > >
> > > > The background:
> > > >
> > > > I'm hoping the list can provide a little assistance in dealing with the
> > > > aftermath of the Heartbleed vulnerability.
> > > >
> > > > The good news is a scan of our campus network indicates that we are
> > > > nearly fully patched. The bad news is that not all of the https servers
> > > > utilizing OpenSSL SSL/TLS are centrally controlled. This means that we don't
> > > > know which servers were patched before our first scan and therefore where
> > > > all of the servers that were vulnerable, over the past two years, are
> > > > located.
> > > >
> > > > I am attempting to put together options that include changing out SSL
> > > > certificates and notifying users of previously vulnerable systems to update
> > > > passwords. If I am able to provide more specific information about the scope
> > > > of our endeavor it would certainly be an added value.
> > > >
> > > > Thank you,
> > > >
> > > > Ben
> > > >
> > > > --
> > > >
> > > > Benjamin Pratt
> > > > St. Cloud State University